Re: Sample code for a Finder hack - "haxies"
Re: Sample code for a Finder hack - "haxies"
- Subject: Re: Sample code for a Finder hack - "haxies"
- From: "Sailesh Agrawal" <email@hidden>
- Date: Thu, 30 Oct 2003 11:43:01 -0400
We've had this discussion before:
http://cocoa.mamasam.com/COCOADEV/2003/01/2/54466.php
On Thu, 30 Oct 2003 11:58:00 +0000, "Alastair J.Houghton"
<email@hidden> said:
>
On Thursday, October 30, 2003, at 11:13 am, Oliver Donald wrote:
>
>
> This paragraph from "Dynamic overriding in OS X" got my attention:
>
> 'Mach offers the ability for one process to allocate memory in another
>
> process's address space via the vm_allocate() call. You can populate
>
> to this
>
> "remote" memory block using vm_write(). Finally,
>
> thread_create_running()
>
> allows you to create a new thread in another process.'
>
>
>
> Do those functions not present a pretty serious security risk? Are
>
> there any
>
> rules regarding what process' can be patched?
>
>
I'm no expert on Mach, but it's almost certainly controlled by whether
>
you have rights on a Mach port, the same as many other things in Mach.
>
>
> It seems a bit dodgy that any
>
> old application can mark another app's address space writeable and then
>
> splat data into it. Is this ok?
>
>
Fine, as long as it has the rights to do so and as long as the security
>
mechanisms are effective.
>
>
Kind regards,
>
>
Alastair.
>
_______________________________________________
>
cocoa-dev mailing list | email@hidden
>
Help/Unsubscribe/Archives:
>
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
>
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.