Re: Code Signing


  • Subject: Re: Code Signing
  • From: Peter Hudson <email@hidden>
  • Date: Mon, 07 Sep 2009 11:11:58 +0100


Many thanks for this info.

I was looking for a way to observe the code having been hacked - and if it has been, for the app not to run.
What is the kill flag and how do I set it? Could it be reset by someone?


Best regards

Peter



On 7 Sep 2009, at 00:22, Chris Suter wrote:

Hi Peter,

On Sun, Sep 6, 2009 at 9:00 PM, Peter Hudson <email@hidden> wrote:
I notice that when I sign code (the whole app) I land up with 2
additional items in my /Contents directory in the app bundle.
These items are a folder called _CodeSignature and an alias called
CodeResources.

If I delete these two items, the code still identifies itself as signed
(when I attempt to run codesign on it again).
Also, the app still runs.


I was wondering if these files are meant to remain or if removing them is
not an issue?

Within an application bundle there are signatures for all the files within the bundle and then there's a signature for the binary itself. The signature for the binary is stored within the executable and you can see it if you use the otool -l command (look for the LC_CODE_SIGNATURE). The signature for all the resources is stored within the file you've discovered.

As far as I know, except for static validation (using the codesign
tool), the signature for the resources isn't used by much (or at least
it wasn't for Leopard).

The signature for the binary is used by the system for various things.
For example you can set the kill flag to have your application
terminated if there's an invalid signature, and it's used for Keychain
access (so that if you upgrade an application, you won't be prompted
again for password access provided the signature remains valid).

It's important to remember that code signatures are not really there
to prevent malware from running, or make it harder for hackers (since
it's trivial to remove a code signature or replace them with other valid
signatures).

At any rate, you shouldn't be deleting those files. If you remove
them, the signature will be invalidated.

By the way, the best list for code signing questions is the apple-cdsa list.

Kind regards,

Chris

_______________________________________________

Cocoa-dev mailing list (email@hidden)
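
Added example, not part of the original messages: a small parser that locates the LC_CODE_SIGNATURE load command the thread points to with otool -l, then reads the CodeDirectory flags word to report whether the kill bit is set. The constants are from Apple's public Mach-O and code-signing headers; the function names and the sample built by build_sample() are constructed for illustration, and only thin little-endian Mach-O files are handled (not universal binaries).

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin little-endian Mach-O
LC_CODE_SIGNATURE = 0x1D
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0          # SuperBlob wrapping the signature
CSMAGIC_CODEDIRECTORY = 0xFADE0C02
CS_KILL = 0x200                                  # kill bit in the CodeDirectory flags

def find_code_signature(macho):
    """Return (dataoff, datasize) from LC_CODE_SIGNATURE, or None if unsigned."""
    magic, _, _, _, ncmds, sizeofcmds = struct.unpack_from("<6I", macho, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O")
    off = 32 if magic == MH_MAGIC_64 else 28     # size of mach_header(_64)
    end = off + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > min(end, len(macho)):
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from("<2I", macho, off)
        if cmdsize < 8:
            raise ValueError("bad cmdsize")
        if cmd == LC_CODE_SIGNATURE:             # linkedit_data_command
            return struct.unpack_from("<2I", macho, off + 8)
        off += cmdsize
    return None

def code_directory_flags(macho):
    """Return the CodeDirectory flags word, or None if there is no signature."""
    loc = find_code_signature(macho)
    if loc is None:
        return None
    blob = macho[loc[0]:loc[0] + loc[1]]
    magic, _, count = struct.unpack_from(">3I", blob, 0)   # blobs are big-endian
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("unexpected signature blob magic")
    for i in range(count):                       # index entries: (type, offset)
        _type, boff = struct.unpack_from(">2I", blob, 12 + 8 * i)
        cd_magic, _, _, flags = struct.unpack_from(">4I", blob, boff)
        if cd_magic == CSMAGIC_CODEDIRECTORY:
            return flags
    raise ValueError("no CodeDirectory in signature")

def build_sample(flags=None):
    """Constructed minimal Mach-O; the CodeDirectory is cut off after its flags."""
    if flags is None:                            # header only, no signature
        return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 0, 0, 0, 0)
    cd = struct.pack(">4I", CSMAGIC_CODEDIRECTORY, 16, 0x20100, flags)
    sb = struct.pack(">5I", CSMAGIC_EMBEDDED_SIGNATURE, 20 + len(cd), 1, 0, 20) + cd
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 1, 16, 0, 0)
    return hdr + struct.pack("<4I", LC_CODE_SIGNATURE, 16, 48, len(sb)) + sb
```

To inspect a real binary, pass the bytes of a thin executable read from disk to code_directory_flags() and test the result against CS_KILL.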
