Re: Code signing
- Subject: Re: Code signing
- From: glenn andreas <email@hidden>
- Date: Tue, 23 Aug 2005 08:15:03 -0500
On Aug 23, 2005, at 2:44 AM, email@hidden wrote:
> > And ultimately, what _exactly_ are you trying to prevent? If
> > somebody gets your application from somewhere other than your
> > server, they could be getting anything. And if somebody can
> > subvert your server, well, you've got bigger problems.
>
> Signing executables does have useful applications - you could have
> a root tool which will load and execute certain userland binaries
> as root, provided they are signed appropriately. Likewise you
> could authorise plugins before loading them, etc. Such systems may
> serve only to get around OS limitations on authentication and
> similar - notably that they require user interaction and management
> - but can certainly be shown to be useful.

In theory, this would certainly be useful (I know I'd probably find
some way to use this, if it was a system provided service). But from
a security perspective, it's much weaker than it seems. If the goal
is to prevent unauthorized plugins from being run (for example), the
attack vector of the original hosting app is still wide open, so one
can hack the original app to ignore the plugin signing (since there is
no signing of the hosting application - it would have to be the
kernel that checks that, which, of course, brings us back to it having
to be a system level service for real security).

So basically, it would be as effective as a form of copy protection
would be, but that doesn't make it secure.

Glenn Andreas email@hidden
<http://www.gandreas.com/> wicked fun!
quadrium | build, mutate, evolve | images, textures, backgrounds, art