>> could someone point me to some code that would allow me to check
>> the validity of the application inside our own code?
> Checking your own validity doesn't seem very useful for hack-resistance,
> since any hacker patching the binary can just delete the
> code that runs the check. Trying to make code protect itself is just
> an unwinnable arms-race of obfuscation and other tricks; it can only
> deter or delay a crack, not prevent it.
Exactly. The Code Signing calculus is designed to help *someone else*
check your program's validity. The "someone else" can be a launch
controller (Parental Controls, MCX) that can then inhibit your launch,
or it can be a service (keychain, firewall) that grants service based
on your validity. While you can "check yourself" (or you could if the
API was, uh, public, which it isn't - do ask for that :-), if you've
been hacked, you may be lying to yourself.
> It seems more useful to use code-checking to verify plug-ins/bundles
> that your app loads, since that way the code doing the check is
> separate from the possibly-tampered-with code.
Yup. The basic idea is to check newly added code before it can affect
you, and if it doesn't verify, then either refuse to use it (that's
what the HARD flag is about), or clear your own dynamic validity,
thereby announcing (irrevocably) to everyone that you're no longer
(sure you are) valid.
> (Although I'm not too optimistic about this, given the total
> security failure of ActiveX on Windows — despite using code-signing
> from day one, it became a huge vector for malware, through a
> combination of poor trust mechanisms, poor UI design, and social
> engineering. A more limited form might be useful, though, such as an
> app that flatly refuses to load plug-ins that haven't been signed by
> the developer of the app itself.)
Windows "code signing" is not only completely different in design and
implementation, it also has a completely different *intent*. The
Windows version tries to determine whether *Microsoft* thinks your
program (or driver etc.) should be used. Mac OS X Code Signing is a
general medium to let the manufacturer and user negotiate as to
whether/how they want to trust each other, with the system providing
the infrastructure to make this possible. Totally different idea.
Cheers
-- perry
---------------------------------------------------------------------------
Perry The Cynic email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed
Cynic.
---------------------------------------------------------------------------
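The pattern discussed in this thread (a host checks a plug-in bundle before loading it, and refuses it unless it was signed by the app's own developer) looks like this with the public Code Signing API on Mac OS X. This is an added example, not code from the thread or from Apple; it must be built on macOS (clang with the Foundation and Security frameworks). The Team ID "ABCDE12345" in the requirement string and the path handling are assumptions for illustration.

```objectivec
// verify_plugin.m  (added example)
// Build on macOS:
//   clang -fobjc-arc -framework Foundation -framework Security verify_plugin.m -o verify_plugin
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Requirement: signed with an Apple-issued developer certificate whose
// Team ID (the OU of the leaf certificate) is ours. "ABCDE12345" is a
// placeholder (assumption); substitute the Team ID shown by
// `codesign -dvv` on your own app.
static NSString *const kPluginRequirement =
    @"anchor apple generic and certificate leaf[subject.OU] = \"ABCDE12345\"";

// Verify the on-disk bundle (static code) against the requirement.
// Returns YES only if the seal over code and resources is intact AND the
// signing identity satisfies the requirement. Nothing from the bundle
// has been executed at this point, which is the whole point.
static BOOL PluginSatisfiesRequirement(NSURL *bundleURL,
                                       NSString *requirementText,
                                       NSError **outError)
{
    SecStaticCodeRef code = NULL;
    SecRequirementRef requirement = NULL;
    CFErrorRef cfError = NULL;
    BOOL ok = NO;

    OSStatus status = SecStaticCodeCreateWithPath((__bridge CFURLRef)bundleURL,
                                                  kSecCSDefaultFlags, &code);
    if (status != errSecSuccess) goto done;

    // Compile the requirement-language text into a requirement object.
    status = SecRequirementCreateWithString((__bridge CFStringRef)requirementText,
                                            kSecCSDefaultFlags, &requirement);
    if (status != errSecSuccess) goto done;

    // Check every architecture slice and any nested code (frameworks,
    // helpers) inside the bundle, not just the slice that would run here.
    status = SecStaticCodeCheckValidityWithErrors(
        code, kSecCSCheckAllArchitectures | kSecCSCheckNestedCode,
        requirement, &cfError);
    ok = (status == errSecSuccess);

done:
    if (!ok && outError) {
        if (cfError) {
            *outError = CFBridgingRelease(cfError);   // ownership moves to NSError
            cfError = NULL;
        } else {
            *outError = [NSError errorWithDomain:NSOSStatusErrorDomain
                                            code:status userInfo:nil];
        }
    }
    if (cfError) CFRelease(cfError);
    if (requirement) CFRelease(requirement);
    if (code) CFRelease(code);
    return ok;
}

// The host only touches the plug-in's code after verification succeeds.
static NSBundle *LoadVerifiedPlugin(NSURL *bundleURL)
{
    NSError *error = nil;
    if (!PluginSatisfiesRequirement(bundleURL, kPluginRequirement, &error)) {
        NSLog(@"refusing plug-in %@: %@", bundleURL.path, error);
        return nil;
    }
    NSBundle *bundle = [NSBundle bundleWithURL:bundleURL];
    if (![bundle load]) {
        NSLog(@"plug-in %@ verified but failed to load", bundleURL.path);
        return nil;
    }
    return bundle;
}

int main(int argc, const char *argv[])
{
    @autoreleasepool {
        if (argc != 2) {
            fprintf(stderr, "usage: %s /path/to/Plugin.bundle\n", argv[0]);
            return 2;
        }
        NSURL *url = [NSURL fileURLWithPath:[NSString stringWithUTF8String:argv[1]]];
        return LoadVerifiedPlugin(url) ? 0 : 1;
    }
}
```

Two caveats a practitioner should keep in mind. First, this is a static check of the files as they are at check time; it says nothing about tampering after the bundle is mapped, which is what the dynamic validity Perry describes (and the host/guest mechanism behind it) is for. Second, the unsigned-or-wrongly-signed case is handled by refusing to load rather than by trying to carry on, matching the "flatly refuses to load" policy in the quoted message; the flag the thread calls HARD is the one set on a signature with `codesign --options hard`, and it governs the system's behaviour for a guest that fails validation, not this application-level refusal.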
Apple-cdsa mailing list (email@hidden)