On Sep 6, 2009, at 6:22 PM, Chris Suter wrote:
It's important to remember that code signatures are not really there
to prevent malware from running, or make it harder for hackers (since
it's trivial to remove a code signature or replace them other valid
signatures).
Well, you can always check that the signature is yours and not someone
else's at app startup.
Charles
P.S. I know it's trivial to replace the signature with another
signature, but to remove a signature? Are Apple's APIs really able to
do that, or are you just talking about hacking the Mach-O file
directly? I didn't see anything like that in the APIs.
_______________________________________________
Cocoa-dev mailing list ([email protected])
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to [email protected]
