Re: Code signing
- Subject: Re: Code signing
- From: email@hidden
- Date: Tue, 23 Aug 2005 17:44:28 +1000
Up until somewhat recently, applications did "prebinding" which
effectively caused the executable to be changed (to make them
launch faster). The net result was that since the app was actually
changed on the client's machine, there was no really useful way to
sign the binary (you could do something with the Mach-O sections
that didn't need to be tweaked, but that limited the appeal of
signed binaries).
Note that you can unprebind (meh) a binary using redo_prebinding (and
the -u parameter), and via other methods, but all current
implementations are buggy, afaik. redo_prebinding doesn't properly
readjust sections that were padded out during prebinding, meaning
it doesn't always reproduce the original executable.
I played with this for a while some time ago, and got sort of close
to a working implementation, but not before it became too complex to
be worth my while.
And ultimately, what _exactly_ are you trying to prevent? If
somebody gets your application from somewhere other than your
server, they could be getting anything. And if somebody can
subvert your server, well, you've got bigger problems.
Signing executables does have useful applications - you could have a
root tool which will load and execute certain userland binaries as
root, provided they are signed appropriately. Likewise you could
authorise plugins before loading them, etc. Such systems may serve
only to get around OS limitations on authentication and similar -
notably that they require user interaction and management - but can
certainly be shown to be useful.
What I would caution is people trying to use executable signing for
once-off processes, such as acquiring the executable to start with.
Since there's no prebinding done before the executable gets onto
someone's system, it's always in a consistent state, which means you
could "code sign" it, but really that just amounts to signing it like
any other arbitrary data. There already exist numerous approaches
for doing this, SSL not the least, so there's no real need to
reinvent the wheel for those types of applications.
Wade Tregaskis (AIM/iChat, Yahoo, Gizmo & Skype: wadetregaskis, ICQ:
40056898, MSN: email@hidden, AV iChat & email:
email@hidden, Jabber: email@hidden)
-- Sed quis custodiet ipsos custodes?
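
Added example, not part of the original message: a sketch of the "sign only the Mach-O sections that are not tweaked" idea from the thread, showing that a whole-file digest breaks once the image is rewritten on the client while a digest over chosen sections survives. The function names, the choice of `__TEXT,__text` as the covered section, and the constructed two-section sample image are assumptions for illustration; only big-endian 32-bit images are handled, and signing the resulting digest is left to whatever signature scheme is in use.

```python
import hashlib
import struct

MH_MAGIC = 0xFEEDFACE                 # 32-bit Mach-O, read big-endian (PowerPC)
LC_SEGMENT = 0x1
MH_PREBOUND = 0x10                    # header flag set on a prebound image
SEG_CMD = struct.Struct(">2I16s8I")   # segment_command, 56 bytes
SECTION = struct.Struct(">16s16s9I")  # section, 68 bytes

def whole_digest(image):
    return hashlib.sha256(image).hexdigest()

def covered_digest(image, covered):
    """SHA-256 over only the (segment, section) pairs named in `covered`."""
    magic, _, _, _, ncmds, _, _ = struct.unpack_from(">7I", image, 0)
    if magic != MH_MAGIC:
        raise ValueError("not a big-endian 32-bit Mach-O image")
    digest, off = hashlib.sha256(), 28
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from(">2I", image, off)
        if cmdsize < 8 or off + cmdsize > len(image):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT:
            if cmdsize < SEG_CMD.size:
                raise ValueError("truncated segment command")
            nsects = SEG_CMD.unpack_from(image, off)[9]
            if SEG_CMD.size + nsects * SECTION.size > cmdsize:
                raise ValueError("section table overruns load command")
            for i in range(nsects):
                sect, seg, _addr, size, foff, *_ = SECTION.unpack_from(
                    image, off + SEG_CMD.size + i * SECTION.size)
                key = (seg.rstrip(b"\0").decode(), sect.rstrip(b"\0").decode())
                if key in covered:
                    if foff + size > len(image):
                        raise ValueError("section data outside file")
                    # Bind names and length so sections cannot be swapped.
                    digest.update(seg + sect + struct.pack(">I", size))
                    digest.update(image[foff:foff + size])
        off += cmdsize
    return digest.hexdigest()

def build_sample(text, pointers, flags=0):
    """Constructed image (not a real executable): __TEXT,__text holds code,
    __DATA,__la_symbol_ptr stands in for data rewritten on the client."""
    parts = ((b"__TEXT", b"__text", text), (b"__DATA", b"__la_symbol_ptr", pointers))
    cmds, off = b"", 28 + 2 * (SEG_CMD.size + SECTION.size)
    for seg, sect, body in parts:
        cmds += SEG_CMD.pack(LC_SEGMENT, SEG_CMD.size + SECTION.size, seg, 0,
                             len(body), off, len(body), 7, 7, 1, 0)
        cmds += SECTION.pack(sect, seg, 0, len(body), off, 0, 0, 0, 0, 0, 0)
        off += len(body)
    return struct.pack(">7I", MH_MAGIC, 18, 0, 2, 2, len(cmds), flags) + cmds + text + pointers
```

Anything outside the covered set, including the header and the rewritten pointer section in this sample, can change without affecting the digest, which is the limit on the appeal of partial signing noted in the message.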