Hi All,
I am using Mac OS X 10.5.8 and xcode v3.1.
I have created a Self Code signing identity using Keychain Access
application. The name of the Code signing identity is arun.
Using this identity i have signed a binary using the below command.
codesign -s arun -r=designated = anchor trusted -f
At 08:35 -0700 17/08/10, cocoa-dev-requ...@lists.apple.com wrote:
From: Arun arun...@gmail.com
Date: Tue, 17 Aug 2010 21:01:06 +0530
Message-ID: aanlktikry6mrgzogsksaga45oe72qev8gfpxqrnu9...@mail.gmail.com
Content-Type: text/plain
I am using Mac OS X 10.5.8 and xcode v3.1.
I have created a Self
The malicious code could just move the entire original bundle
wholesale. Code signature check still sees the original bundle.
Sent from my iPhone
On Oct 14, 2009, at 21:42, Charles Srstka cocoa...@charlessoft.com
wrote:
On Oct 14, 2009, at 11:40 PM, Jeff Laing wrote:
Actually, heck,
On Oct 15, 2009, at 9:57 AM, Clark S. Cox III wrote:
The malicious code could just move the entire original bundle
wholesale. Code signature check still sees the original bundle.
Sent from my iPhone
Presumably, this would be more noticeable to the user than simply
copying a binary file
On Oct 15, 2009, at 8:51 AM, Charles Srstka wrote:
Presumably, this would be more noticeable to the user than simply
copying a binary file inside an opaque app bundle that most users
never look inside.
The malicious code could also break the code sign checking APIs to
always return
On Thu, Oct 15, 2009 at 8:51 AM, Charles Srstka
cocoa...@charlessoft.com wrote:
On Oct 15, 2009, at 9:57 AM, Clark S. Cox III wrote:
The malicious code could just move the entire original bundle wholesale.
Code signature check still sees the original bundle.
Sent from my iPhone
On Oct 13, 2009, at 10:41 AM, Jens Alfke wrote:
This code sample seems to be designed to verify the binary that it's
compiled into. That's sort of useless for security purposes, like
yelling downstairs are you a burglar? If your own code's already
been modified, it's easy enough for the
On Wed, Oct 14, 2009 at 12:37 AM, Charles Srstka
cocoa...@charlessoft.com wrote:
On Oct 13, 2009, at 10:41 AM, Jens Alfke wrote:
This code sample seems to be designed to verify the binary that it's
compiled into. That's sort of useless for security purposes, like yelling
downstairs are you a
On Oct 14, 2009, at 10:50 AM, Clark Cox wrote:
You say that as if getting infected by and being specifically
targeted by a virus are different things. Either a virus has targeted
your application, and as such knows enough about it to modify it's
code (and therefore replace/defeat any signature
Actually, heck, you wouldn't even need that. All a virus would have to
do would be to move the binary somewhere else and put a binary in its
place that does something malicious and then launches the real binary,
and the user would never tell the difference.
Unless, of course, the app
On Oct 14, 2009, at 11:40 PM, Jeff Laing wrote:
Actually, heck, you wouldn't even need that. All a virus would have
to
do would be to move the binary somewhere else and put a binary in its
place that does something malicious and then launches the real
binary,
and the user would never tell
On Wed, Oct 14, 2009 at 9:35 PM, Charles Srstka
cocoa...@charlessoft.com wrote:
Unless, of course, the app checked its code signature.
Put malicious library in temp dir. Set DYLD_LIBRARY_PATH. Game over.
--Kyle Sluder
___
Cocoa-dev mailing list
Hi list,
I have read CodeSigningGuide and CodeSigningRef from Apple. In the
CodeSigningRef every method has a note, that it is available in 10.6
and later. So I just want to make sure.
On Leopard, there is now Cocoa or other API for verifying code
signatures. So if I want to verify e.g.
On 13 Oct 2009, at 08:34, Jakub Bednar wrote:
Hi list,
I have read CodeSigningGuide and CodeSigningRef from Apple. In the
CodeSigningRef every method has a note, that it is available in 10.6
and later. So I just want to make sure.
On Leopard, there is now Cocoa or other API for
This code sample seems to be designed to verify the binary that it's
compiled into. That's sort of useless for security purposes, like
yelling downstairs are you a burglar? If your own code's already
been modified, it's easy enough for the hacker to disable the code
that does the checking.
On 13 Oct 2009, at 16:41, Jens Alfke wrote:
That's sort of useless for security purposes, like yelling
downstairs are you a burglar?
But it's not useless in the sense that it provides feedback that the
code IS signed.
The code merely allows me to detect if I have screwed up my build
On Oct 13, 2009, at 9:25 AM, jonat...@mugginsoft.com wrote:
But it's not useless in the sense that it provides feedback that the
code IS signed.
The code merely allows me to detect if I have screwed up my build
settings and managed to break the code signing.
Sure, it's useful for that.
On 13 Oct 2009, at 19:28, Jens Alfke wrote:
On Oct 13, 2009, at 9:25 AM, jonat...@mugginsoft.com wrote:
But it's not useless in the sense that it provides feedback that
the code IS signed.
The code merely allows me to detect if I have screwed up my build
settings and managed to break
18 matches
Mail list logo
