Securely updating silently
- Subject: Securely updating silently
- From: Rick Mann <email@hidden>
- Date: Mon, 6 Apr 2009 17:02:39 -0700
Seven silly swans?
We have a product (call it "KC", currently a prefs pane/agent) that
gets installed the first time by the user downloading a .dmg, running
the installer, authenticating, and everything is fine.
This product communicates with a server product we sell. When the
server updates, there is the potential for a new KC to be
available, and the old version installed no longer works. We have a
strong desire for the installed version to automatically, and
silently, update to the newer version. We've found a way to do this,
using a helper tool and setuid, etc.
But, I believe it becomes a huge security hole. The helper tool must
be passed a path to something, either the new installer package, or
another app to run (in case we move away from Apple's installer in the
future). In all cases, this poses a security risk, because someone can
pass arbitrary paths to this same app.
It seems that it should be possible to sign the various elements in
order to make this process secure (the helper could validate the
signatures), but I'm not sure of the best way.
Recommendations? And please refrain from recommending against the
silent update. I'm fighting that battle internally, but have to find
solutions to the desired behavior in the meantime.
TIA!
--
Rick
_______________________________________________
Installer-dev mailing list (email@hidden)
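An added example, not part of the original post or of any product's code: one way a privileged helper could act on the signing idea raised above, by reading the supplied file once, checking a detached signature against a public key pinned in the helper, and only ever handing a private verified copy to the installer. The names `rsa_verify`, `stage_and_verify` and `stage_dir`, the RSA/SHA-256 scheme and the detached-signature layout are all assumptions, and Python is used for portability rather than because the helper would be written in it.

```python
import hashlib
import os
import stat
import tempfile

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def rsa_verify(data, sig, n, e=65537):
    """RSASSA-PKCS1-v1_5 / SHA-256 check against the pinned public key (n, e)."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    # Rebuild the whole encoded message and compare it byte for byte;
    # lenient parsing of the padding is what lets forged signatures through.
    return em == b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def stage_and_verify(path, sig, n, stage_dir):
    """Return the path of a private, verified copy of `path`, or raise.

    Assumption: stage_dir is a directory only the helper's user can write.
    """
    # Refuse a symlink as the last path component and never block on a FIFO.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    with os.fdopen(os.open(path, flags), "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise ValueError("not a regular file")
        data = f.read()  # the caller-supplied path is never touched again
    if not rsa_verify(data, sig, n):
        raise PermissionError("signature does not match the pinned key")
    # mkstemp creates the copy with mode 0600 under an unpredictable name.
    fd, staged = tempfile.mkstemp(dir=stage_dir, suffix=".pkg")
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    return staged  # the only path the helper may pass to the installer
```

Verifying the bytes that were read and installing from the staged copy closes the gap between check and use; verifying the caller's path and then running that same path would leave it open.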