• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Code signing
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Code signing

  • Subject: Re: Code signing
  • From: email@hidden
  • Date: Tue, 23 Aug 2005 17:44:28 +1000
Up until somewhat recently, applications did "prebinding" which effectively caused the executable to be changed (to make them launch faster). The net result was that since the app was actually changed on the client's machine, there was no really useful way to sign the binary (you could do something with the macho sections that didn't need to be tweaked, but that limited the appeal of signed binaries).

Note that you can unprebind (meh) a binary using redo_prebinding (and the -u parameter), and via other methods, but all current implementations are buggy, afaik. redo_prebinding doesn't properly readjust sections that were padded out during prebinding, meaning while it doesn't always reproduce the original executable.

I played with this for a while some time ago, and got sort of close to a working implementation, but not before it become too complex to be worth my while.

And ultimately, what _exactly_ are you trying to prevent? If somebody gets your application from somewhere other than your server, they could be getting anything. And if somebody can subvert your server, well, you've got bigger problems.

Signing executables does have useful applications - you could have a root tool which will load and execute certain userland binaries as root, provided they are signed appropriately. Likewise you could authorise plugins before loading them, etc. Such systems may serve only to get around OS limitations on authentication and similar - notably that they require user interaction and management - but can certainly shown to be useful.

What I would caution is people trying to use executable signing for once-off processes, such as acquiring the executable to start with. Since there's no prebinding done before the executable gets onto someone's system, it's always in a consistent state, which means you could "code sign" it, but really that just amounts to signing it like any other arbitrary data. There already exist numerous approaches for doing this, SSL not the least, so there's no real need to reinvent the wheel for those types of applications.

Wade Tregaskis (AIM/iChat, Yahoo, Gizmo & Skype: wadetregaskis, ICQ: 40056898, MSN: email@hidden, AV iChat & email: email@hidden, Jabber: email@hidden)
-- Sed quis custodiet ipsos custodes?

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Code signing

      • From: glenn andreas <email@hidden>
      • 





References: 


 >Code signing (From: Brad Peterson <email@hidden>)


 >Re: Code signing (From: glenn andreas <email@hidden>)






    

  • Prev by Date:
Re: Inserting a method call into main thread....  how do I do it?

    • 

  • Next by Date:
Re: NSMutableData short comings?

    • 

  • Previous by thread:
Re: Code signing

    • 

  • Next by thread:
Re: Code signing

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •