Re: Code Sign verification on Leopard
Re: Code Sign verification on Leopard
- Subject: Re: Code Sign verification on Leopard
- From: Clark Cox <email@hidden>
- Date: Thu, 15 Oct 2009 09:05:17 -0700
On Thu, Oct 15, 2009 at 8:51 AM, Charles Srstka
<email@hidden> wrote:
> On Oct 15, 2009, at 9:57 AM, Clark S. Cox III wrote:
>
>> The malicious code could just move the entire original bundle wholesale.
>> Code signature check still sees the original bundle.
>>
>> Sent from my iPhone
>
> Presumably, this would be more noticeable to the user than simply copying a
> binary file inside an opaque app bundle that most users never look inside.
Not if the new opaque app bundle looks the same to the user (the new
location of the application can be *within* a wrapper set up by the
malicious code.
Noticeable or not, the fact is that a check of your code signature,
from within the same signed code is useless against malicious
tampering. In order to detect malicious tampering, the code signature
check must come from the outside. Period. Once the malicious code has
the wherewithal to modify the application's code, there is nothing
stopping it from modifying the signature check itself to always return
true.
--
Clark S. Cox III
email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden