Re: Code Signing Examples
- Subject: Re: Code Signing Examples
- From: Tim Murison <email@hidden>
- Date: Fri, 20 Feb 2009 16:26:20 -0500
- Thread-topic: Code Signing Examples
> That is a good point. Someone else also pointed out that once a hacker gets
> root authority all bets are off. Ideally this level of authentication
> belongs in the OS. Once a signed application or process is installed the OS
> should enforce the signature before executing the process. Not sure if this
> can be done with 10.5 or 10.6. And I'm not sure how you prevent someone
> from replacing the module with a corrupt unsigned version. For now we are
> just looking for a reasonable approach to validate the authenticity of our
> application components.
Once the process is running, the code signing API allows you to check the
signature of the process based on its PID.
You might also want to investigate the "hard" and "kill" options to
codesign. My understanding is that "hard" should prevent (in some cases, not
sure which) applications with broken signatures from running, and "kill"
should kill the process when its signature becomes invalid (again, not sure
in which cases).
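The PID-based check mentioned in the reply above, sketched in Swift against the Security framework. This is an added example, not code from the thread; the requirement string and its `com.example.app` identifier are constructed placeholders for your own signing identity.

```swift
import Foundation
import Security

enum SignatureCheck: Error {
    case lookupFailed(OSStatus)     // no code object for that PID
    case badRequirement(OSStatus)   // requirement text did not parse
    case invalid(OSStatus)          // signature broken or requirement not met
}

/// Validates the running process `pid` against a code requirement.
func checkSignature(ofPID pid: pid_t, requirement text: String) throws {
    // Look up the running code ("guest") for this PID; a nil host means the kernel.
    let attrs = [kSecGuestAttributePid as String: NSNumber(value: pid)] as CFDictionary
    var code: SecCode?
    var status = SecCodeCopyGuestWithAttributes(nil, attrs, [], &code)
    guard status == errSecSuccess, let guest = code else {
        throw SignatureCheck.lookupFailed(status)
    }

    // Compile the requirement the process must satisfy (who signed it, which identifier).
    var req: SecRequirement?
    status = SecRequirementCreateWithString(text as CFString, [], &req)
    guard status == errSecSuccess, let requirement = req else {
        throw SignatureCheck.badRequirement(status)
    }

    // Checks both that the signature is still valid and that the requirement is met.
    status = SecCodeCheckValidity(guest, [], requirement)
    guard status == errSecSuccess else { throw SignatureCheck.invalid(status) }
}

// Usage: pass a PID as the first argument; defaults to this process.
let arg = CommandLine.arguments.dropFirst().first
let pid = arg.flatMap { pid_t($0) } ?? getpid()
// Constructed placeholder requirement, replace with your own identifier and anchor.
let requirement = "identifier \"com.example.app\" and anchor apple generic"
do {
    try checkSignature(ofPID: pid, requirement: requirement)
    print("pid \(pid): signature valid and requirement satisfied")
} catch {
    print("pid \(pid): rejected (\(error))")
}
```

A PID identifies whatever process holds that number at lookup time, so a result is only meaningful if the process cannot have exited and the PID been reused between obtaining the PID and making the check. Passing a requirement matters: without one, `SecCodeCheckValidity` only confirms that the code is validly signed by someone, not that it is yours.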