Re: Code Sign verification on Leopard
Re: Code Sign verification on Leopard
- Subject: Re: Code Sign verification on Leopard
- From: Clark Cox <email@hidden>
- Date: Wed, 14 Oct 2009 08:50:54 -0700
On Wed, Oct 14, 2009 at 12:37 AM, Charles Srstka
<email@hidden> wrote:
> On Oct 13, 2009, at 10:41 AM, Jens Alfke wrote:
>
>> This code sample seems to be designed to verify the binary that it's
>> compiled into. That's sort of useless for security purposes, like yelling
>> downstairs "are you a burglar?" If your own code's already been modified,
>> it's easy enough for the hacker to disable the code that does the checking
>
> Well yeah, if the hacker is specifically targeting your app. However, if the
> app gets infected by a virus or something, it won't be doing that, and your
> code signing check will catch it. So it's not completely useless for
> security purposes.
You say that as if "getting infected by" and "being specifically
targeted by" a virus are different things. Either a virus has targeted
your application, and as such knows enough about it to modify it's
code (and therefore replace/defeat any signature check), or it's
targeting something outside of your application (a framework, a bundle
loaded into your application, etc.), in which case the changed code
happens outside of your application's code and a signature check will
not find any issues.
If you're trying to detect malicious changes to your application, then
checking your own signature is useless, the entity doing the check has
to be beyond the reach of the malicious code in order to be trusted;
once that check is inside the application code itself, it becomes
useless.
--
Clark S. Cox III
email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden