Re: mach-o digital signature segment? (was: Re: mach-o section question)
- Subject: Re: mach-o digital signature segment? (was: Re: mach-o section question)
- From: Army Research Lab <email@hidden>
- Date: Tue, 22 Apr 2008 12:57:25 -0400
- Thread-topic: mach-o digital signature segment? (was: Re: mach-o section question)
Well, nice to know it's possible AND it's already been done! :D
I'll go back to my mach-o parser planning now...
Thanks,
Cem Karan
------------------------------
Message: 14
Date: Tue, 22 Apr 2008 09:20:56 -0700
From: Andrew Myrick <email@hidden>
Subject: Re: mach-o digital signature segment? (was: Re: mach-o section question)
To: email@hidden
Message-ID: <email@hidden>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes
man codesign
http://developer.apple.com/documentation/Security/Conceptual/CodeSigningGuide/Introduction/chapter_1_section_1.html#//apple_ref/doc/uid/TP40005929-CH1-DontLinkElementID_13
-Andrew
On Apr 22, 2008, at 5:11 AM, Army Research Lab wrote:
> A good point, I'll keep it in mind, although I think I'd like to test both ways.
>
> I just had a sudden, sideways thought; mach-o allows us to define new segments, right? Can we put pure data into a segment? SHA-1, MD5, etc. got me to thinking about putting in a segment that contains the digital signature of the rest of the mach-o data. Is that possible? More importantly, for signed mach-o files, can the loader be set up to check the signature prior to running the program, each time? That might help cut down on viruses, etc. (which are not a problem on the mac yet, but I like to think ahead, to prevent small problems from becoming big problems).
>
> As for programs that aren't yet signed, the loader could ask the user if they want to run the program, and if the user says yes, then the loader could add a new segment that signs the mach-o file with the user's personal key. From then on, unless the program was modified, the user would not be bothered. Other programs (e.g., system libraries, etc.) would ship with signatures, and the certs for those signatures would be installed in the System keychain (or whatever is the Darwin equivalent).
>
> Also, I know there is the whole key management problem, etc. I'm not concerned with that here; I'm only asking, is it possible to embed the signature in the mach-o file?
>
> Thanks,
> Cem Karan
Darwin-dev mailing list (email@hidden)
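Added example, not from the thread, from Apple, or from codesign(1): a small Python parser that does the part of what Cem asks about that the format itself supports, using the mechanism Andrew points to. It walks a thin Mach-O's load commands for LC_CODE_SIGNATURE, parses the embedded signature SuperBlob and its CodeDirectory (the structures codesign emits), and recomputes the per-page hashes over the file to confirm that the code on disk matches the directory. That is the integrity half of "check the signature before running"; it deliberately does not verify the CMS signature over the CodeDirectory or the signer's certificate chain, which is the key-management part Cem sets aside and which `codesign --verify` and the kernel add on top. Because it needs an input that can run offline, it also builds a constructed, minimal signed image (64-bit header, one load command, CodeDirectory version 0x20001, ad hoc with no CMS blob) and then tampers with it; the identifier "com.example.demo" and the builder function are illustrative, not anything from the page. The structure constants and layouts are the public Mach-O and CodeDirectory ones.

```python
# Added example for this page: a Mach-O code-signature walker/verifier (not Apple's or codesign's code).
import hashlib
import struct
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # 32-bit header is 28 bytes, 64-bit is 32
LC_CODE_SIGNATURE = 0x1D                         # linkedit_data_command: cmd, cmdsize, dataoff, datasize
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0          # SuperBlob holding the signature pieces (big-endian)
CSMAGIC_CODEDIRECTORY = 0xFADE0C02               # CodeDirectory blob (big-endian)
CSSLOT_CODEDIRECTORY = 0
HASH_ALGS = {1: ("sha1", 20), 2: ("sha256", 32), 3: ("sha256", 20)}  # hashType -> (alg, bytes per slot)


def find_code_signature(data):
    """Walk the load commands; return (dataoff, datasize) of the signature blob, or None."""
    magic = struct.unpack_from("<I", data, 0)[0]
    hdr_size = {MH_MAGIC_64: 32, MH_MAGIC: 28}.get(magic)
    if hdr_size is None:   # fat (0xcafebabe) or byte-swapped images must be split/swapped first
        raise ValueError("not a thin little-endian Mach-O")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    off = hdr_size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > hdr_size + sizeofcmds:
            raise ValueError("malformed load command")
        if cmd == LC_CODE_SIGNATURE:
            return struct.unpack_from("<II", data, off + 8)
        off += cmdsize
    return None


def parse_code_directory(sig):
    """Parse the SuperBlob pointed to by LC_CODE_SIGNATURE and pull out its CodeDirectory."""
    magic, _length, count = struct.unpack_from(">III", sig, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("bad SuperBlob magic")
    for i in range(count):
        slot, offset = struct.unpack_from(">II", sig, 12 + 8 * i)
        if slot == CSSLOT_CODEDIRECTORY:
            break
    else:
        raise ValueError("no CodeDirectory in signature")
    # Fixed 40-byte prefix shared by every CodeDirectory version; later versions only append fields.
    (cmagic, clen, version, _flags, hash_off, ident_off, n_special, n_code, code_limit,
     hash_size, hash_type, _platform, page_shift) = struct.unpack_from(">IIIIIIIIIBBBB", sig, offset)
    if cmagic != CSMAGIC_CODEDIRECTORY:
        raise ValueError("bad CodeDirectory magic")
    if hash_type not in HASH_ALGS or HASH_ALGS[hash_type][1] != hash_size:
        raise ValueError("unsupported hash type/size")
    if hash_off + n_code * hash_size > clen:
        raise ValueError("hash slots run past the CodeDirectory")
    cd = sig[offset:offset + clen]
    ident = cd[ident_off:cd.index(b"\0", ident_off)].decode()
    hashes = [cd[hash_off + i * hash_size:hash_off + (i + 1) * hash_size] for i in range(n_code)]
    return {"identifier": ident, "version": version, "hash_type": hash_type, "hash_size": hash_size,
            "page_size": (1 << page_shift) if page_shift else code_limit,   # 0 = one page for all
            "code_limit": code_limit, "n_special": n_special, "code_hashes": hashes}


def verify_code_hashes(data, cd):
    """Rehash every page of data[:codeLimit] and compare with the code slots; one bool per page."""
    alg, _ = HASH_ALGS[cd["hash_type"]]
    limit, page, size = cd["code_limit"], cd["page_size"], cd["hash_size"]
    if -(-limit // page) != len(cd["code_hashes"]):
        raise ValueError("code slot count does not match codeLimit/pageSize")
    return [hashlib.new(alg, data[i * page:min((i + 1) * page, limit)]).digest()[:size] == h
            for i, h in enumerate(cd["code_hashes"])]          # last page is short


def check_file(data):
    """(identifier, per-page results) for a signed image, None for an unsigned one."""
    loc = find_code_signature(data)
    if loc is None:
        return None
    dataoff, datasize = loc
    cd = parse_code_directory(data[dataoff:dataoff + datasize])
    if cd["code_limit"] > dataoff:        # the hashed range must stop before the signature itself
        raise ValueError("codeLimit overlaps the signature blob")
    return cd["identifier"], verify_code_hashes(data, cd)


def build_signed_macho(code, identifier, hash_type=2, page_shift=12):
    """Constructed toy input: 64-bit header, one LC_CODE_SIGNATURE, code, then an ad hoc
    CodeDirectory (version 0x20001, no CMS blob), which is all the hash check needs."""
    alg, hash_size = HASH_ALGS[hash_type]
    page = 1 << page_shift
    sig_off = 32 + 16 + len(code)                 # header + one 16-byte load command + code
    ident = identifier.encode() + b"\0"
    n_code = -(-sig_off // page)
    ident_off = 44                                # right after the fixed header (40 bytes + spare2)
    hash_off = ident_off + len(ident)
    cd_len = hash_off + n_code * hash_size
    sb_len = 12 + 8 + cd_len                      # SuperBlob header + one index entry + CodeDirectory
    body = (struct.pack("<IIIIIIII", MH_MAGIC_64, 0x01000007, 3, 2, 1, 16, 0, 0)  # x86_64 MH_EXECUTE
            + struct.pack("<IIII", LC_CODE_SIGNATURE, 16, sig_off, sb_len) + code)
    hashes = b"".join(hashlib.new(alg, body[i * page:(i + 1) * page]).digest()[:hash_size]
                      for i in range(n_code))
    cd = struct.pack(">IIIIIIIIIBBBBI", CSMAGIC_CODEDIRECTORY, cd_len, 0x20001, 0, hash_off,
                     ident_off, 0, n_code, sig_off, hash_size, hash_type, 0, page_shift, 0)
    return (body + struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, sb_len, 1)
            + struct.pack(">II", CSSLOT_CODEDIRECTORY, 20) + cd + ident + hashes)


if __name__ == "__main__":
    good = build_signed_macho(bytes(range(256)) * 20, "com.example.demo")   # 5168 bytes -> 2 pages
    bad = good[:100] + bytes([good[100] ^ 1]) + good[101:]                  # flip one bit in page 0
    print(check_file(good), check_file(bad))
```

To try it on a real image, pass the bytes of a thin (non-fat) little-endian Mach-O to check_file(); fat files have to be split into their slices first. What it reports is whether each code page still hashes to what the CodeDirectory says, which is exactly the "unless the program was modified" property in the question. What it does not establish is who vouched for that CodeDirectory: the CMS blob in the same SuperBlob and the certificate chain behind it are untouched here, and the special slots (nSpecialSlots, covering things like the requirements and entitlements blobs) are counted but not checked. `codesign --verify` and the kernel's own checks cover those.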