• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Finding loaded kext binaries
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Finding loaded kext binaries

  • Subject: Re: Finding loaded kext binaries
  • From: Michael Smith <email@hidden>
  • Date: Sat, 17 Oct 2009 12:39:44 -0700

On Oct 16, 2009, at 9:48 PM, Rustam Muginov wrote:

What i am trying to do is:
enumerate all loaded kexts and check if they are codesigned and if signing authority is by apple.
As far as I understand this is impossible to check codesign info of the kext loaded into kernel from userspace, so i am trying to check the on-disk binaries.

There is no binding relationship between the file on disk and the object that was loaded into the kernel.  Be careful about what assumptions you make in this case; if you are trying to prevent someone from having any non-Apple extensions loaded, it would be trivial to move a replacement kext with the same bundle identifier into place on disk to replace a non-Apple kext once it has been loaded.

If you want to establish the signing provenance of loaded extensions you should request an API for this by filing a bug.

 = Mike


On Oct 17, 2009, at 7:58 AM, Michael Smith wrote:

Is it possible to locate the binary for an arbitrary kext, which may  
be outside of /System/Library/Extensions folder?
kextfind utility, as far as I understand, performing folder iteration  
and need to scan all the disk if kext binary is not located at the  
standard place.

In the general case, no.  Loaded kexts don't hold a reference on the file that they were loaded from, so the kext bundle may be (and often is) moved or deleted immediately after the kext is loaded.

The kext may also not have ever come from a regular kext bundle; it may have been loaded via one of several other mechanisms.

If you were to tell us a bit more about the problem you're trying to solve, we might be able to offer some more constructive suggestions...

 = Mike

--
The lyf so short, the craft so long to lerne -- Chaucer






--
Sincerely, Rustam Muginov




--
The lyf so short, the craft so long to lerne -- Chaucer





 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Finding loaded kext binaries
      • From: Terry Lambert <email@hidden>
References: 
 >Re: Finding loaded kext binaries (From: Michael Smith <email@hidden>)
 >Re: Finding loaded kext binaries (From: Rustam Muginov <email@hidden>)

  • Prev by Date: Re: Finding loaded kext binaries
  • Next by Date: Re: Finding loaded kext binaries
  • Previous by thread: Re: Finding loaded kext binaries
  • Next by thread: Re: Finding loaded kext binaries
  • Index(es):
    • Date
    • Thread