---
title: "Known limitations - Santa Docs"
description: "Known limitations - Open source binary authorization for macOS. Configure, deploy, and extend the agent that powers Workshop."
doc_version: "1"
last_updated: "2026-05-22"
canonical: "https://northpole.security/docs/santa/limitations"
---
# Known limitations

-   Santa only blocks execution (execve and variants); it doesn’t protect against dynamic libraries loaded with dlopen, libraries on disk that have been replaced, or libraries loaded using `DYLD_INSERT_LIBRARIES`.
    
-   **Scripts:** Santa is written to ignore any execution that isn’t a binary. After weighing the administrative cost versus the benefit, we found it wasn’t worthwhile to manage the execution of scripts. Additionally, several applications make use of temporary scripts, and blocking these could cause problems. We’re happy to revisit this (or at least make it an option) if it would be useful to others.
    
-   **Removable Media (e.g. USB Mass Storage) Blocking:** Santa’s removable media blocking feature only stops incidental data exfiltration, it is not meant as a hard control. It operates at the mount level. It cannot block:
    
    -   Directly writing to an unmounted, but attached device
-   Metrics reported by Santa are not *currently* in a format that is friendly to open-source solutions

## Sitemap

- [Home](https://northpole.security/index.md)
- [Workshop](https://northpole.security/workshop.md)
- [Santa](https://northpole.security/santa.md)
- [Features](https://northpole.security/features.md)
- [Cookbook](https://northpole.security/cookbook.md)
- [Docs](https://northpole.security/docs.md)
- [Blog](https://northpole.security/blog.md)
- [Glossary](https://northpole.security/glossary.md)
- [About](https://northpole.security/about.md)
- [Contact](https://northpole.security/contact.md)