Re: Patching an application (long)
Re: Patching an application (long)
- Subject: Re: Patching an application (long)
- From: Jeff Disher <email@hidden>
- Date: Thu, 16 Jan 2003 19:48:11 -0500
As far as I can tell, they are not modifying the behavior of an
arbitrary application, just the one that they are writing.
I know nothing about the behavior of APE but I know that categories
(and derivative ideas like the mentioned "MethodSwizzling") only affect
the application that they are loaded into.
This makes sense since you cannot just start manipulating the memory of
arbitrary programs at run-time in a protected memory system.
Categories only modify the implementation pointers maintained by the
runtime which is a per-application structure (which calls into shared
memory blocks). Modifying the runtime does not modify the shared
memory that it makes calls to.
Thus, it is not a security in the slightest since you are always free
to make your own programs insecure (but there are much more efficient
ways to do that).
The only way, that I know of, that you can manipulate the behavior of
all programs is by changing the code that it links to, to do something
else. I am not even sure if that is possible given the way that Mach-O
linking occurs in the two-level namespace it now uses (but I could be
wrong, anyone?). Even if it can be done, however, you would have to
write this malicious code to the read-only Frameworks directory where
the other programs are expecting to see the code. Since only root can
write to that directory, you would have to deliberately run a malicious
installer of some sort with super use privileges.
Having "signed" application is a bad idea, in my opinion. Also, as far
as I can tell, you already have that functionality with the built-in
protected memory of the OS.
I might be incorrect in any of these things (especially that linking
one, it is sort of a guess) but everyone seems to worry about this
whenever someone explains runtime hacking to them for the first time,
and this seems like another one of those.
Does that sound right?
Jeff.
On Thursday, January 16, 2003, at 03:52 PM, Chris Hanson wrote:
At 10:22 AM -0800 1/16/03, Buddy Kurz wrote:
I'm not usually paranoid (no matter what they say) but I would prefer
that my trusted applications remain trustworthy!
Any thoughts or reassurances on this?
It is a serious security problem.
My hope is that Apple will fix it, perhaps by only allowing non-root
tools signed with a special private key to manipulate other processes'
address spaces without a warning dialog of some sort. (Tools running
as root would be able to do it just as they can now.) That way,
debuggers would still be able to work fine -- since their developers
could submit their binaries to Apple for signing -- but this patching
garbage would stop.
-- Chris
--
Chris Hanson, bDistributed.com, Inc. | Email: email@hidden
Custom Application Development | Phone: +1-847-372-3955
http://bdistributed.com/ | Fax: +1-847-589-3738
http://bdistributed.com/Articles/ | Personal Email: email@hidden
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
Jeff Disher
President and Lead Developer of Spectral Class
Spectral Class: Shedding Light on Innovation
http://www.spectralclass.com/
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.