Re: Using the security framework
- Subject: Re: Using the security framework
- From: Michael Ash <email@hidden>
- Date: Sun, 25 Jan 2009 10:20:41 -0500
On Sun, Jan 25, 2009 at 12:54 AM, Chris Hanson <email@hidden> wrote:
> On Jan 24, 2009, at 6:29 PM, Michael Ash wrote:
>
>> On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson <email@hidden> wrote:
>>>
>>> Among other things, to be truly secure you must use a secure installation
>>> mechanism. Do not write your own install tool — it can't be made secure
>>> without itself being installed via a secure installation mechanism.
>>> Instead, use Installer.app for your installations since it's included with
>>> the operating system and not modifiable with normal user privileges.
>>
>> I'm afraid I don't understand this advice. Could you explain what sort
>> of vulnerability would exist in a custom install tool that would not
>> exist when using Installer.app to install a custom package?
>
> Because Installer.app is installed by the operating system you can - if
> you've taken appropriate security measures to begin with - be reasonably
> certain that it hasn't been tampered with.
>
> When writing your own install tool, you have a bootstrapping problem: You
> will eventually need to have the user authorize some untrusted code to run
> as root - code that could have been modified behind the user's back.
>
> An installer package could also have been writable by the user, but modern
> packages can be signed so their integrity can be checked.

So could a custom installer. It seems to me that the problem of
protecting a custom installer and the problem of protecting a custom
package being used with the system installer are equivalent. Is there
a way that a custom binary can be tampered with that a custom .pkg is
immune to?

Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)