Re: Code Sign verification on Leopard
Re: Code Sign verification on Leopard
- Subject: Re: Code Sign verification on Leopard
- From: Charles Srstka <email@hidden>
- Date: Wed, 14 Oct 2009 02:37:37 -0500
On Oct 13, 2009, at 10:41 AM, Jens Alfke wrote:
This code sample seems to be designed to verify the binary that it's
compiled into. That's sort of useless for security purposes, like
yelling downstairs "are you a burglar?" If your own code's already
been modified, it's easy enough for the hacker to disable the code
that does the checking
Well yeah, if the hacker is specifically targeting your app. However,
if the app gets infected by a virus or something, it won't be doing
that, and your code signing check will catch it. So it's not
completely useless for security purposes.
Charles
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden