• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Using the security framework
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using the security framework

  • Subject: Re: Using the security framework
  • From: Michael Ash <email@hidden>
  • Date: Sun, 25 Jan 2009 10:20:41 -0500
On Sun, Jan 25, 2009 at 12:54 AM, Chris Hanson <email@hidden> wrote:
> On Jan 24, 2009, at 6:29 PM, Michael Ash wrote:
>
>> On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson <email@hidden> wrote:
>>>
>>> Among other things, to be truly secure you must use a secure installation
>>> mechanism.  Do not write your own install tool — it can't be made secure
>>> without itself being installed via a secure installation mechanism.
>>> Instead, use Installer.app for your installations since it's included
>>> with
>>> the operating system and not modifiable with normal user privileges.
>>
>> I'm afraid I don't understand this advice. Could you explain what sort
>> of vulnerability would exist in a custom install tool that would not
>> exist when using Installer.app to install a custom package?
>
> Because Installer.app is installed by the operating system you can - if
> you've taken appropriate security measures to begin with - be reasonably
> certain that it hasn't been tampered with.
>
> When writing your own install tool, you have a bootstrapping problem:  You
> will eventually need to have the user authorize some untrusted code to run
> as root - code that could have been modified behind the user's back.
>
> An installer package could also have been writable by the user, but modern
> packages can be signed so their integrity can be checked.

So could a custom installer. It seems to me that the problem of
protecting a custom installer and the problem of protecting a custom
package being used with the system installer are equivalent. Is there
a way that a custom binary can be tampered with that a custom .pkg is
immune to?

Mike
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Using the security framework (From: Joe Turner <email@hidden>)
 >Re: Using the security framework (From: Chris Hanson <email@hidden>)
 >Re: Using the security framework (From: Joe Turner <email@hidden>)
 >Re: Using the security framework (From: Chris Hanson <email@hidden>)
 >Re: Using the security framework (From: Michael Ash <email@hidden>)
 >Re: Using the security framework (From: Chris Hanson <email@hidden>)

  • Prev by Date: Re: addSubview bottleneck
  • Next by Date: Re: Forcing allocation of a subclass
  • Previous by thread: Re: Using the security framework
  • Next by thread: Re: Using the security framework
  • Index(es):
    • Date
    • Thread