Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: NSTask Leaking...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSTask Leaking...

Subject: Re: NSTask Leaking...
From: glenn andreas <email@hidden>
Date: Thu, 29 Jan 2009 12:39:50 -0600


On Jan 29, 2009, at 12:20 PM, Mr. Gecko wrote:

Hello, I'm trying to make my own licenses system and I need MD5 to verify that the key in the file is right and isn't a fake. what I've got now is a NSTask that runs md5 -s salt+key+salt2 and it works, but I am getting a leak with NSTask...

Regardless of any other problems, you've introduced a serious weakness - a hacker just needs to temporarily change /sbin/md5 to a shell script that cats the expected output. For that matter, they could easily edit the binary to change the string "/sbin/md5" to another path that does the deed (to avoid having to mess with sbin each time)

If you are trying to write secure code, don't execute external binaries that you have no control over and expect it to be secure.


Glenn Andreas                      email@hidden
 <http://www.gandreas.com/> wicked fun!
JSXObjC | the easy way to unite JavaScript and Objective C


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


Follow-Ups:

Re: NSTask Leaking...
From: "Mr. Gecko" <email@hidden>


References:  
  >NSTask Leaking... (From: "Mr. Gecko" <email@hidden>)




Prev by Date:
Re: NSTask Leaking...

Next by Date:
Re: Sub-pixel font smoothing with CGBitmapContext

Previous by thread:
Re: NSTask Leaking...

Next by thread:
Re: NSTask Leaking...

Index(es):

Date
Thread