Re: Code Sign verification on Leopard
Re: Code Sign verification on Leopard
- Subject: Re: Code Sign verification on Leopard
- From: "Clark S. Cox III" <email@hidden>
- Date: Thu, 15 Oct 2009 07:57:56 -0700
The malicious code could just move the entire original bundle
wholesale. Code signature check still sees the original bundle.
Sent from my iPhone
On Oct 14, 2009, at 21:42, Charles Srstka <email@hidden>
wrote:
On Oct 14, 2009, at 11:40 PM, Jeff Laing wrote:
Actually, heck, you wouldn't even need that. All a virus would
have to
do would be to move the binary somewhere else and put a binary in
its
place that does something malicious and then launches the real
binary,
and the user would never tell the difference.
Unless, of course, the app checked its code signature.
Ok, I'll bite. How does the real binary checking its code
signature detect the case you just described? Its 100% byte for
byte the original executable, its just been moved somewhere else
and as far as I'm aware, code signatures do not include your
location on disk.
You check the signature of the .app bundle, not the executable itself.
Charles
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden