RE: Code Sign verification on Leopard
RE: Code Sign verification on Leopard
- Subject: RE: Code Sign verification on Leopard
- From: Jeff Laing <email@hidden>
- Date: Thu, 15 Oct 2009 04:40:21 +0000
- Acceptlanguage: en-US
- Thread-topic: Code Sign verification on Leopard
> Actually, heck, you wouldn't even need that. All a virus would have to
> do would be to move the binary somewhere else and put a binary in its
> place that does something malicious and then launches the real binary,
> and the user would never tell the difference.
>
> Unless, of course, the app checked its code signature.
Ok, I'll bite. How does the real binary checking its code signature detect the case you just described? Its 100% byte for byte the original executable, its just been moved somewhere else and as far as I'm aware, code signatures do not include your location on disk.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden