Re: Scary Stuff!
- Subject: Re: Scary Stuff!
- From: Britt Durbrow <email@hidden>
- Date: Wed, 17 Jun 2015 14:46:57 -0700
I’ve skimmed the paper, and it seems to me that there is no API/system-level solution possible.
I’m not familiar with the Keychain API, owing to not having needed to use it, but it seems to me that a best practices approach can solve that issue: check that the keychain item’s properties (ACL most importantly) are what you expect before using it. However, the OS can’t know ahead-of-time what those ACLs should be; consequently it must fall to the app to provide that logic.
Likewise, some containers are supposed to be shared, and others aren’t. The OS can’t know what that is; it must fall upon the App Store to validate that. An automated heuristics approach backed up by actual human validation of edge cases is probably the way to go for this:
1) Bundle identifiers that belong to the developer submitting the app automatically get passed.
2) Bundle identifiers that are known to be shared automatically get passed.
3) All others get human review.
URL schemes should require registration with Apple; collisions should cause a store submission to fail.
And lastly, if you have malware on your system, you are pretty much toast: despite all that we do to try to prevent it, no system of this level of complexity is perfect, and the good guys have to be right 100% of the time, while the bad guys only have to be right once in order for it to worm its way into the machine.
> On Jun 17, 2015, at 2:07 PM, Jens Alfke <email@hidden> wrote:
>
>
> (“I know! I’ll write the passwords to a plist and XOR the bytes with a 32-bit secret number I hardcode in my app!”)
WHAT?!?! Nooooo! You gotta use ROT13! ;-P
_______________________________________________
Cocoa-dev mailing list (email@hidden)
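The ACL check suggested in the message above, as an added example that is not part of the original post or of Apple's sample code. It uses the legacy SecKeychain calls (deprecated in current macOS SDKs); the helper name, the "item is private to this app" policy, and treating equal `SecTrustedApplicationCopyData` output as the same application are assumptions.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not an Apple API): YES only when every ACL entry that
// authorizes decryption of `item` names trusted applications and each one
// matches the calling app. Assumed policy: the item is private to this app.
static BOOL ItemDecryptACLTrustsOnlyThisApp(SecKeychainItemRef item) {
    SecTrustedApplicationRef me = NULL;
    SecAccessRef access = NULL;
    CFDataRef myData = NULL;
    CFArrayRef acls = NULL;
    BOOL ok = NO;

    // A NULL path asks for a reference to the calling application.
    if (SecTrustedApplicationCreateFromPath(NULL, &me) != errSecSuccess) goto done;
    if (SecTrustedApplicationCopyData(me, &myData) != errSecSuccess) goto done;
    if (SecKeychainItemCopyAccess(item, &access) != errSecSuccess) goto done;

    // Only the entries that gate reading the secret are inspected here.
    acls = SecAccessCopyMatchingACLList(access, kSecACLAuthorizationDecrypt);
    if (acls == NULL || CFArrayGetCount(acls) == 0) goto done;

    ok = YES;
    for (CFIndex i = 0; ok && i < CFArrayGetCount(acls); i++) {
        SecACLRef acl = (SecACLRef)CFArrayGetValueAtIndex(acls, i);
        CFArrayRef apps = NULL;
        CFStringRef label = NULL;
        SecKeychainPromptSelector prompt;
        if (SecACLCopyContents(acl, &apps, &label, &prompt) != errSecSuccess) { ok = NO; break; }
        // apps == NULL means any application is trusted without a prompt: reject.
        if (apps == NULL) ok = NO;
        for (CFIndex j = 0; ok && j < CFArrayGetCount(apps); j++) {
            SecTrustedApplicationRef app =
                (SecTrustedApplicationRef)CFArrayGetValueAtIndex(apps, j);
            CFDataRef data = NULL;
            // Assumption: equal application data identifies the same app.
            ok = SecTrustedApplicationCopyData(app, &data) == errSecSuccess
                 && CFEqual(data, myData);
            if (data) CFRelease(data);
        }
        if (apps) CFRelease(apps);
        if (label) CFRelease(label);
    }
done:
    if (acls) CFRelease(acls);
    if (access) CFRelease(access);
    if (myData) CFRelease(myData);
    if (me) CFRelease(me);
    return ok;
}
```

The helper fails closed: any API error, a missing decrypt ACL, or an unexpected trusted application returns NO, so the caller can refuse to store a secret in the item.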