Is it safe to turn off 'System Integrity Protection' to get TotalFinder to run on El Cap?

[peanutismint]

TotalFinder is one of the many Mac apps I can't live without. It simply makes my Mac experience better, adding split-window browsing, 'folders on top' file view and the all-important 'cut' command to OS X.

As of El Cap beta, it no longer works, but I've been told it will work if I turn off 'System Integrity Protection' in safe mode....

Does anybody know what this feature does (apart from breaking many useful apps like TotalFinder!)? Is it meant to protect against malicious viruses etc or is it just to stop people from messing with (read: 'making better'!) the OS X system core?

The suggestion can be found on this page: http://blog.binaryage.com/el-capitan-update/

 

[leman]

The SIP feature protects the core system files from non-authorised modifications. Apps like TotalFinder basically inject code into Apple's stock applications, this is why SIP breaks them. Technically, there is a good chance that they will still work once the TotalFinder developers fix their code (other add-on apps like MailTags and xtraFinder seem to have a working beta for 10.11). You can of course turn SIP off, but you might be compromising your system for future vulnerabilities or introducing potential stability issues.

As far as my personal opinion goes, I believe that developers of TotalFinder should invest their time into making a standalone file browsing app rather than hacking around in Finder's code. Its messy, its ugly and it can produce hard to detect bugs. For a properly designed modern OS X application, SIP is not a problem. Apple offers plenty of tools to do (almost) whatever you want, but they ask you to play safe. Which, I think, is ultimately in the interest of the user.

 

[peanutismint]

Ok cool, thanks for the info on SIP.

I think from the sounds of their website the team have got sick of Apple blocking their apps and have decided to abandon TotalFinder which is a shame, so I'm not holding my breath for an update...! I understand this may well be the way of many of these kind of apps now as Apple lock down their systems more, but I've had few problems with TotalFinder in the past so I'll give it a try.

UPDATE: Or, alternatively, I've heard XtraFinder might still work (which does a lot of the same things that I'm looking for...)

 

[leman]

I think from the sounds of their website the team have got sick of Apple blocking their apps and have decided to abandon TotalFinder which is a shame, so I'm not holding my breath for an update...! I understand this may well be the way of many of these kind of apps now as Apple lock down their systems more, but I've had few problems with TotalFinder in the past so I'll give it a try.

I jus want to make it clear that Apple is not blocking their apps. Rather, they are abusing the undocumented and unsupported features of the OS to modify a stock application. So please don't blame this one on Apple. They never supported it and they always were very clear that the developers should not use undocumented features. If anything, you should be angry at the developer who is selling software which is known from the start to be volatile.

 

[subsonix]

As of El Cap beta, it no longer works, but I've been told it will work if I turn off 'System Integrity Protection' in safe mode....

As you mention, El Capitain is still in beta, a safer thing is to wait until it's not in beta and let Total Finder resolve the issue on their end. Don't run a beta version of the OS if you depend on it for your day to day activities.

 

[fisherking]

bartender has a good process: turn off SIP, install bartender, reboot, turn SIP back on. works...

 

[peanutismint]

I jus want to make it clear that Apple is not blocking their apps. Rather, they are abusing the undocumented and unsupported features of the OS to modify a stock application.

I'm perfectly aware of who the 'bad guys' are in this situation, but the truth is those 'bad guys' added functionality to the system that, really, a company who I've given a large amount of money to over the years should really have had included in the first place. Also, let's not pretend that what these people enabled was some sort of evil sin; you say volatile but I hardly experienced any untoward or negative effects when using their software. Of course, YMMV...

 

[peanutismint]

I use Bartender as well so this is a good tip, thanks!

 

[peanutismint]

As you mention, El Capitain is still in beta, a safer thing is to wait until it's not in beta and let Total Finder resolve the issue on their end. Don't run a beta version of the OS if you depend on it for your day to day activities.

I wish I'd never updated. I didn't need to. It was an impulse decision!

 

[leman]

Also, let's not pretend that what these people enabled was some sort of evil sin; you say volatile but I hardly experienced any untoward or negative effects when using their software. Of course, YMMV...

With volatile I meant 'potentially broken after any minor OS upgrade', sorry if thats a bad choice of a verb (english is not my main language).

 

[KALLT]

Does anybody know what this feature does (apart from breaking many useful apps like TotalFinder!)? Is it meant to protect against malicious viruses etc or is it just to stop people from messing with (read: 'making better'!) the OS X system core?

One necessarily includes the other, System Integrity Protection doesn’t distinguish between good and bad modifications. As Apple said in one of the developer sessions: system security is all about layers. This is yet another layer that is supposed to catch malicious programs that root fails to prevent from running. You are perfectly free to decide which protection layers you need and which ones you find unnecessary. Just as you can disable Gatekeeper to prevent unsigned applications from being run the first time, you can disable System Integrity Protection to protect your system against malware or exploits that root fails to protect you against.

Is there a potential risk? Yes, of course. The questions are how big is that risk and do you think it is worth it. There is no right or wrong answer to this question. If you think that root protects you adequately, just as it has for many years, there is no inherent need to apply System Integrity Protection.

 

[w0lf]

To answer the title, you'll be as safe as you were pre-El Capitan if you turn off SIP. So if you weren't worried then you probably don't need to be worried now with it off.

Tweaks that require injection to system apps can be installed in /System with SIP off and will then work with SIP turned back on (at least for the time being). That's what Bartender is doing and what I've done with cDock.

 

[Zorn]

To answer the title, you'll be as safe as you were pre-El Capitan if you turn off SIP. So if you weren't worried then you probably don't need to be worried now with it off.

Tweaks that require injection to system apps can be installed in /System with SIP off and will then work with SIP turned back on (at least for the time being). That's what Bartender is doing and what I've done with cDock.

I pretty much was about to post this exact same thing; well said.