Re: Thwarting classdump, etc.
- Subject: Re: Thwarting classdump, etc.
- From: Wade Tregaskis <email@hidden>
- Date: Sun, 3 Jul 2005 23:41:06 +1000
> > Quite true. This is why Apple don't recommend using Foundation-
> > based (iirc) ObjC (notably AppKit, iirc) in security-conscious
> > programs; it's very easy, through multiple paths, for someone to
> > load other executable code into your app at runtime. But, even
> > without bundle and plugin conveniences, it's still pretty trivial
> > to use mach_inject or similar.
>
> Where does Apple say that? Also, since when is it hard to load
> executable code into ANY app? There's always gdb, DYLD env
> variables, mach_inject, etc. which has nothing to do with Cocoa,
> and none of them are hard.

Indeed, but ObjC's introspective capabilities make it much easier.
Imho, I guess. I certainly prefer toying with (non-AppKit) ObjC apps
over C/C++ ones.

But, having been poked by a few others for my earlier comment, :), I
dug through the list archives to try and find whatever it was I'd
read previously. Short answer, I couldn't, although I did find a few
other people making the same comment, so at least I'm not crazy by
myself. :)

In any case, now would be a good time for someone at Apple to
[re]state their official opinion on such things.

Wade Tregaskis (AIM/iChat, Yahoo & Skype: wadetregaskis, ICQ:
40056898, MSN: email@hidden, AV iChat & email:
email@hidden, Jabber: email@hidden)
-- Sed quis custodiet ipsos custodes?