Darwin-dev mailing list (Darwin-dev@lists.apple.com)

On Feb 20, 2009, at 6:47 AM, Tom Fortmann wrote:

> Can anyone point me to sample code on how to verify an application or process is signed? My application executes a couple other processes and I would like to validate their signatures before I blindly execute them.
>
> I’ve found a ton of Apple documentation on the theory but not a lot on practical application within my code. I’ve also looked at simply running the codesign utility and parsing its XML output, but this seems like a weak design. What if codesign gets replaced?

Keep in mind that you'll be subject to a "time of check versus time of use" race condition. Even if you verify that the binaries on-disk are valid, someone could swap out the binary for an evil one just after the check and just before the exec(2).

--
Damien Sorresso
BSD Engineering
Apple Inc.
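
The race described in the reply above, as an added example that is not part of the original thread or any Apple sample code. It assumes a POSIX system; the byte comparison is a stand-in for real signature validation, and `toctou_demo`, `fd_is_trusted`, `path_names_fd` and the file names are hypothetical. It shows that a check passes on the opened file, that the path can name a different file by the time it is used, and that the descriptor that was checked is unaffected.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for signature validation (assumption): the helper is "valid"
 * only if its bytes equal TRUSTED. All file contents here are constructed. */
static const char TRUSTED[] = "trusted-helper-v1";

static int write_file(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0700);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

static int fd_is_trusted(int fd) {           /* check bound to the open file */
    char buf[64] = {0};
    ssize_t n = pread(fd, buf, sizeof buf - 1, 0);
    return n == (ssize_t)strlen(TRUSTED) && strcmp(buf, TRUSTED) == 0;
}

static int path_names_fd(int fd, const char *path) {  /* same device + inode? */
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat(path, &b) != 0) return 0;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Bitmask: 1 = check passed, 2 = path no longer names the checked file,
 * 4 = the checked descriptor still holds the trusted bytes. -1 on error. */
int toctou_demo(void) {
    char dir[] = "/tmp/toctou-XXXXXX", path[64], repl[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/helper", dir);
    snprintf(repl, sizeof repl, "%s/helper.new", dir);
    if (write_file(path, TRUSTED) || write_file(repl, "replacement-bytes")) return -1;
    int fd = open(path, O_RDONLY), r = 0;
    if (fd < 0) return -1;
    if (fd_is_trusted(fd)) r |= 1;                         /* time of check */
    if (rename(repl, path) != 0) { close(fd); return -1; } /* file replaced in the window */
    if (!path_names_fd(fd, path)) r |= 2;                  /* time of use: path changed */
    if (fd_is_trusted(fd)) r |= 4;                         /* the checked fd did not */
    close(fd); unlink(path); rmdir(dir);
    return r;
}
int main(void) { printf("toctou_demo() = %d\n", toctou_demo()); return 0; }
```

Comparing device and inode before use detects a replacement but does not close the window, because an exec by path resolves the name again after the comparison.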