Re: Using the security framework
Re: Using the security framework
- Subject: Re: Using the security framework
- From: Joe Turner <email@hidden>
- Date: Sat, 24 Jan 2009 23:58:54 -0600
But you can also code sign nowadays
On Jan 24, 2009, at 11:54 PM, Chris Hanson wrote:
On Jan 24, 2009, at 6:29 PM, Michael Ash wrote:
On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson <email@hidden> wrote:
Among other things, to be truly secure you must use a secure
installation
mechanism. Do not write your own install tool — it can't be made
secure
without itself being installed via a secure installation mechanism.
Instead, use Installer.app for your installations since it's
included with
the operating system and not modifiable with normal user privileges.
I'm afraid I don't understand this advice. Could you explain what
sort
of vulnerability would exist in a custom install tool that would not
exist when using Installer.app to install a custom package?
Because Installer.app is installed by the operating system you can -
if you've taken appropriate security measures to begin with - be
reasonably certain that it hasn't been tampered with.
When writing your own install tool, you have a bootstrapping
problem: You will eventually need to have the user authorize some
untrusted code to run as root - code that could have been modified
behind the user's back.
An installer package could also have been writable by the user, but
modern packages can be signed so their integrity can be checked.
-- Chris
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden