That is a good point. Someone else also pointed out that once a hacker gets root authority all bets are off. Ideally this level of authentication belongs in the OS. Once a signed application or process is installed the OS should enforce the signature before executing the process. Not sure if this can be done with 10.5 or 10.6. And I'm not sure how you prevent someone from replacing the module with a corrupt unsigned version. For now we are just looking for a reasonable approach to validate the authenticity of our application components.
___________________________________ Thomas Fortmann Director of Development Xcape Solutions, Inc. 207 Crystal Grove Blvd. Lutz, FL 33548 TEL 847 228 9831 www.xcapesolutions.net [email protected] -----Original Message----- From: Damien Sorresso [mailto:[email protected]] Sent: Friday, February 20, 2009 2:40 PM To: Tom Fortmann Cc: [email protected]; [email protected] Subject: Re: Code Signing Examples On Feb 20, 2009, at 6:47 AM, Tom Fortmann wrote: > Can anyone point me to sample code on how to verify an application > or process is signed? My application executes a couple other > processes and I would like to validate their signatures before I > blindly execute them. I've found a ton of Apple documentation on > the theory but not a lot on practical application within my code. > I've also looked at simply running the codesign utility and parsing > its XML output, but this seems like a weak design. What is codesign > gets replaced? Keep in mind that you'll be subject to a "time of check versus time of use" race condition. Even if you verify that the binaries on-disk are valid, someone could swap out the binary for an evil one just after the check and just before the exec(2). -- Damien Sorresso BSD Engineering Apple Inc. _______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
