Re: File integrity
Re: File integrity
- Subject: Re: File integrity
- From: email@hidden
- Date: Thu, 22 May 2008 13:35:37 +0200
I know. I just want to discourage the baby crackers. Codesign looks
interesting. Ptrace seems to have been strengthened in Leopard, too.
At least I wasn't able to bypass it as easily as outlined by steike.
Always something :-)
Thanks!
On Thu, May 22, 2008 at 1:22 PM, Jean-Daniel Dupas
<email@hidden> wrote:
>
> Le 22 mai 08 à 12:57, Keith Duncan a écrit :
>
>>> is there a way to tell if my executable was launched by/attached to some
>>> other process?
>>
>> You can use ptrace(2) with the PT_DENY_ATTACH request to prevent anyone
>> from attaching and will kill the process if it is already being traced.
>>
>> See http://steike.com/code/debugging-itunes-with-gdb/
>>
>> This has been worked around using a simple kernel extension, I don't know
>> what the current state of it is but it may not be that reliable.
>>
>>> file integrity
>>
>> You can also use codesign(1) which will alert the user if your binary has
>> been tampered with since the signing. Note that it doesn't prevent the user
>> from launching your application and the functions for determining the
>> integrity of your executable aren't public.
>>
>> Keith
>
> There is absolutly no way to completly prevent an user to launch your
> application. If he really want, he can resign the app with is own signature.
> You can add a check, he can change your binaty to bypass it.
> You can just do it a little harder, but as long as the user can do whatever
> he want with your executable, he can launch and decompile it.
>
> Don't lose to much time to discourage hackers, it's barely always useless.
>
>
>
>
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden