Re: Code Signing Examples
- Subject: Re: Code Signing Examples
- From: Damien Sorresso <email@hidden>
- Date: Fri, 20 Feb 2009 12:39:44 -0800
On Feb 20, 2009, at 6:47 AM, Tom Fortmann wrote:
> Can anyone point me to sample code on how to verify an application
> or process is signed? My application executes a couple other
> processes and I would like to validate their signatures before I
> blindly execute them. I’ve found a ton of Apple documentation on
> the theory but not a lot on practical application within my code.
> I’ve also looked at simply running the codesign utility and parsing
> its XML output, but this seems like a weak design. What if codesign
> gets replaced?
Keep in mind that you'll be subject to a "time of check versus time of
use" race condition. Even if you verify that the binaries on-disk are
valid, someone could swap out the binary for an evil one just after
the check and just before the exec(2).
--
Damien Sorresso
BSD Engineering
Apple Inc.
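The race described in the reply above, as an added example that is not part of the original thread: a constructed C demo in which a content comparison stands in for signature verification (an assumption), showing that a check made by path does not cover what is later opened by path, while a check made on an open descriptor covers exactly what that descriptor yields. The names `check_fd`, `swap_file`, `used_is_checked` and the `/tmp` file are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define GOOD "trusted-helper"   /* constructed sample content */
#define EVIL "replaced-helper"  /* constructed sample content */

/* Hypothetical stand-in for a signature check: accepts only GOOD content. */
static int check_fd(int fd) {
    char buf[64];
    ssize_t n = pread(fd, buf, sizeof buf - 1, 0);
    if (n < 0) return 0;
    buf[n] = '\0';
    return strcmp(buf, GOOD) == 0;
}

/* Simulates the swap in the window: atomically replace path via rename(2). */
static int swap_file(const char *path) {
    char tmp[64];
    snprintf(tmp, sizeof tmp, "%s.new", path);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, EVIL, strlen(EVIL));
    close(fd);
    return (w < 0) ? -1 : rename(tmp, path);
}

/* Returns 1 if the content finally used still passes the check, 0 if not,
   -1 on setup error. pin_fd = 0: check, then reopen the path for use (racy).
   pin_fd = 1: open once, then check and use that same descriptor. */
int used_is_checked(int pin_fd) {
    char path[] = "/tmp/toctou_demoXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int result = -1;
    if (write(fd, GOOD, strlen(GOOD)) >= 0 && check_fd(fd)  /* time of check */
        && swap_file(path) == 0) {                         /* swap in window */
        if (!pin_fd) { close(fd); fd = open(path, O_RDONLY); }
        if (fd >= 0) result = check_fd(fd);                 /* time of use */
    }
    if (fd >= 0) close(fd);
    unlink(path);
    return result;
}

int main(void) {
    return printf("by path: %d, by descriptor: %d\n", used_is_checked(0), used_is_checked(1)) < 0;
}
```

The demo reads rather than executes; where a descriptor-based exec such as fexecve(3) exists (Linux, for example), executing the checked descriptor keeps check and use on the same file object, provided nothing else can write to that file.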
Darwin-dev mailing list (email@hidden)