That is a good point. Someone else also pointed out that once a hacker gets root authority all bets are off.

Ideally this level of authentication belongs in the OS. Once a signed application or process is installed the OS should enforce the signature before executing the process. Not sure if this can be done with 10.5 or 10.6. And I'm not sure how you prevent someone from replacing the module with a corrupt unsigned version.

For now we are just looking for a reasonable approach to validate the authenticity of our application components.

___________________________________
Thomas Fortmann
Director of Development
Xcape Solutions, Inc.
207 Crystal Grove Blvd.
Lutz, FL 33548
TEL 847 228 9831
www.xcapesolutions.net
tfortmann@xcapesolutions.net

-----Original Message-----
From: Damien Sorresso [mailto:dsorresso@apple.com]
Sent: Friday, February 20, 2009 2:40 PM
To: Tom Fortmann
Cc: cocoa-dev@lists.apple.com; darwin-dev@lists.apple.com
Subject: Re: Code Signing Examples

On Feb 20, 2009, at 6:47 AM, Tom Fortmann wrote:

Can anyone point me to sample code on how to verify an application or process is signed? My application executes a couple other processes and I would like to validate their signatures before I blindly execute them. I've found a ton of Apple documentation on the theory but not a lot on practical application within my code. I've also looked at simply running the codesign utility and parsing its XML output, but this seems like a weak design. What if codesign gets replaced?

Keep in mind that you'll be subject to a "time of check versus time of use" race condition. Even if you verify that the binaries on-disk are valid, someone could swap out the binary for an evil one just after the check and just before the exec(2).

--
Damien Sorresso
BSD Engineering
Apple Inc.

_______________________________________________
Darwin-dev mailing list (Darwin-dev@lists.apple.com)
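
An added example, not code from this thread or from Apple's samples: validating a helper in-process with the Security framework's Code Signing Services instead of parsing codesign output, then re-checking the launched process because of the check-versus-exec gap raised above. It assumes a current macOS SDK built with ARC; the helper path comes from the command line and the requirement string is a constructed placeholder.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// On-disk check: signature intact for every architecture AND requirement met.
static OSStatus CheckFileOnDisk(NSString *path, SecRequirementRef req) {
    SecStaticCodeRef code = NULL;
    NSURL *url = [NSURL fileURLWithPath:path];
    OSStatus status = SecStaticCodeCreateWithPath((__bridge CFURLRef)url, kSecCSDefaultFlags, &code);
    if (status != errSecSuccess) return status;
    status = SecStaticCodeCheckValidity(code, kSecCSCheckAllArchitectures, req);
    CFRelease(code);
    return status;
}

// Running-process check: validates the code identity of the process `pid`.
static OSStatus CheckRunningProcess(pid_t pid, SecRequirementRef req) {
    SecCodeRef code = NULL;
    NSDictionary *attrs = @{ (__bridge NSString *)kSecGuestAttributePid : @(pid) };
    OSStatus status = SecCodeCopyGuestWithAttributes(NULL, (__bridge CFDictionaryRef)attrs,
                                                     kSecCSDefaultFlags, &code);
    if (status != errSecSuccess) return status;
    status = SecCodeCheckValidity(code, kSecCSDefaultFlags, req);
    CFRelease(code);
    return status;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc != 2) { fprintf(stderr, "usage: %s /path/to/helper\n", argv[0]); return 2; }
        NSString *path = @(argv[1]);
        // Constructed placeholder requirement; substitute your own identifier and anchor.
        CFStringRef text = CFSTR("identifier \"com.example.helper\" and anchor apple generic");
        SecRequirementRef req = NULL;
        OSStatus status = SecRequirementCreateWithString(text, kSecCSDefaultFlags, &req);
        if (status == errSecSuccess) status = CheckFileOnDisk(path, req);
        if (status == errSecSuccess) {
            // The file can still change between the check above and the exec,
            // so re-check the process that was started and stop it on failure.
            // The helper is already running here: this detects a swap, it does not prevent one.
            NSTask *task = [NSTask launchedTaskWithLaunchPath:path arguments:@[]];
            status = CheckRunningProcess(task.processIdentifier, req);
            if (status != errSecSuccess) [task terminate];
        }
        if (req) CFRelease(req);
        if (status != errSecSuccess) fprintf(stderr, "validation failed: OSStatus %d\n", (int)status);
        return status == errSecSuccess ? 0 : 1;
    }
}
```

Build with `clang -fobjc-arc -framework Foundation -framework Security`. Checking a requirement, not just "is signed", is what ties the helper to a specific signer and identifier.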