The correct way to identify applications in a kext
- Subject: The correct way to identify applications in a kext
- From: Juuso Salonen <email@hidden>
- Date: Thu, 12 May 2011 12:20:06 +0300
Many people on this list seem to be interested in identifying application names and paths inside kexts. The answer is almost always the same: process names can't and shouldn't be relied on.
What, then, would be a good way to identify applications in a kext? There was a post a while back that suggested using code signing:
I was unable to find any relevant information about using code signing for kext development.
Let's say that I would like to create an NKE socket filter that denied Firefox's executable, firefox-bin, from opening any sockets. Is there something I can do inside the kext to get access to the process binary's signature? That would allow me to replace the discouraged proc_selfname() based check with a signature comparison.
If code signing is not the answer, are there other options?
I'm not actually looking for a secure method that would be difficult to bypass. (I currently have a hacky implementation that digs through the internal proc_t structure to locate a possible vnode to get the full path name. Of course, it can be bypassed simply by renaming or moving the application. Still, it works well enough for my purposes. The problem is that it is ugly and scarily fragile.)
BR,
Juuso Salonen
Darwin-kernel mailing list (email@hidden)