On Thu, Oct 15, 2009 at 8:51 AM, Charles Srstka <cocoa...@charlessoft.com> wrote: > On Oct 15, 2009, at 9:57 AM, Clark S. Cox III wrote: > >> The malicious code could just move the entire original bundle wholesale. >> Code signature check still sees the original bundle. >> >> Sent from my iPhone > > Presumably, this would be more noticeable to the user than simply copying a > binary file inside an opaque app bundle that most users never look inside.
Not if the new opaque app bundle looks the same to the user (the new location of the application can be *within* a wrapper set up by the malicious code. Noticeable or not, the fact is that a check of your code signature, from within the same signed code is useless against malicious tampering. In order to detect malicious tampering, the code signature check must come from the outside. Period. Once the malicious code has the wherewithal to modify the application's code, there is nothing stopping it from modifying the signature check itself to always return true. -- Clark S. Cox III clarkc...@gmail.com _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
