Le 29 janv. 09 à 22:20, Jeremy Pereira a écrit :
On 29 Jan 2009, at 19:33, Mr. Gecko wrote:
I'm just going to use sscrypto framework for it...
If a malicious person can replace an executable with his own, he can
probably also replace a framework...
Why using a library when the libSystem provide hash functionality ?
/usr/include/CommonCrypto/CommonDigest.h
Regardless of any other problems, you've introduced a serious
weakness - a hacker just needs to temporarily change /sbin/md5 to
a shell script that cats the expected output. For that matter,
they could easily edit the binary to change the string "/sbin/md5"
to another path that does the deed (to avoid having to mess with
sbin each time)
If you are trying to write secure code, don't execute external
binaries that you have no control over and expect it to be secure.
Glenn Andreas [email protected]
<http://www.gandreas.com/> wicked fun!
JSXObjC | the easy way to unite JavaScript and Objective C
_______________________________________________
Cocoa-dev mailing list ([email protected])
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/adc%40jeremyp.net
This email sent to [email protected]
_______________________________________________
Cocoa-dev mailing list ([email protected])
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/devlists%40shadowlab.org
This email sent to [email protected]
_______________________________________________
Cocoa-dev mailing list ([email protected])
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to [email protected]
