System Integrity Protection – SIP – is one of the primary mechanisms which macOS uses to protect itself. Introduced relatively recently in El Capitan (2015), you’ll find various recommendations that to fix problems with macOS or even with some apps, you should turn SIP off first. I hope in this article to convince you that it’s never safe to turn it off, and that Catalina makes that even more important with its new read-only system volume.
In earlier days of Mac OS X, it wasn’t uncommon for key system files to become damaged or corrupted. Sometimes it was put down to disk errors, other times to an out-of-control extension or app, but we never wanted to think that it might have been deliberate. For once any malicious software gained access to the system, that Mac was doomed.
Before El Capitan, the only thing standing between system files and an attacker was the need to gain root privileges. SIP took all those system files out of reach of even the root user (consequently being referred to as rootless): using a combination of the rootless.conf file stored in /System/Library/Sandbox and the com.apple.rootless extended attribute, the contents of most system folders came under SIP’s protection. The only way that a user can circumvent this is by turning SIP off when booted into Recovery mode (or from a bootable macOS installer) and using the csrutil command from there.
Read more at EclecticLight.co