• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: NSTask Leaking...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSTask Leaking...

  • Subject: Re: NSTask Leaking...
  • From: "Mr. Gecko" <email@hidden>
  • Date: Thu, 29 Jan 2009 16:06:27 -0600
but for an example, How would I implement it? is there any example applications out there?

On Jan 29, 2009, at 3:35 PM, Jean-Daniel Dupas wrote:


Le 29 janv. 09 à 22:20, Jeremy Pereira a écrit :


On 29 Jan 2009, at 19:33, Mr. Gecko wrote:

I'm just going to use sscrypto framework for it...

If a malicious person can replace an executable with his own, he can probably also replace a framework...


Why using a library when the libSystem provide hash functionality ?

/usr/include/CommonCrypto/CommonDigest.h





Regardless of any other problems, you've introduced a serious weakness - a hacker just needs to temporarily change /sbin/md5 to a shell script that cats the expected output. For that matter, they could easily edit the binary to change the string "/sbin/ md5" to another path that does the deed (to avoid having to mess with sbin each time)

If you are trying to write secure code, don't execute external binaries that you have no control over and expect it to be secure.


Glenn Andreas                      email@hidden
<http://www.gandreas.com/> wicked fun!
JSXObjC | the easy way to unite JavaScript and Objective C





_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden





_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: NSTask Leaking...

      • From: Jean-Daniel Dupas <email@hidden>
      • 





References: 


 >NSTask Leaking... (From: "Mr. Gecko" <email@hidden>)


 >Re: NSTask Leaking... (From: glenn andreas <email@hidden>)


 >Re: NSTask Leaking... (From: "Mr. Gecko" <email@hidden>)


 >Re: NSTask Leaking... (From: Jeremy Pereira <email@hidden>)


 >Re: NSTask Leaking... (From: Jean-Daniel Dupas <email@hidden>)






    

  • Prev by Date:
Partially Transparent windows

    • 

  • Next by Date:
problems resetting timer interval.

    • 

  • Previous by thread:
Re: NSTask Leaking...

    • 

  • Next by thread:
Re: NSTask Leaking...

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •