On Jan 24, 2009, at 6:29 PM, Michael Ash wrote:

> On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson <c...@me.com> wrote:
>> Among other things, to be truly secure you must use a secure installation
>> mechanism. Do not write your own install tool — it can't be made secure
>> without itself being installed via a secure installation mechanism.
>> Instead, use Installer.app for your installations since it's included with
>> the operating system and not modifiable with normal user privileges.
>
> I'm afraid I don't understand this advice. Could you explain what sort
> of vulnerability would exist in a custom install tool that would not
> exist when using Installer.app to install a custom package?

Because Installer.app is installed by the operating system you can - if you've taken appropriate security measures to begin with - be reasonably certain that it hasn't been tampered with.

When writing your own install tool, you have a bootstrapping problem: You will eventually need to have the user authorize some untrusted code to run as root - code that could have been modified behind the user's back.

An installer package could also have been writable by the user, but modern packages can be signed so their integrity can be checked.

  -- Chris
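The exchange above turns on two points: the installer doing the checking must itself be trusted before anything runs as root, and a signed package lets that trusted tool detect tampering. The following is an added example written for this thread, not code from the list or from Apple. It models the flow in plain Python: the "trusted installer" holds a pinned public key (standing in for the trust anchors Installer.app ships with), verifies the package signature, and only then proceeds to the step where a real installer would elevate. The key pair, the RSA arithmetic, the package contents and the function names are all constructed for illustration; the key is deliberately tiny and must not be used for anything real.

```python
"""Model of 'verify the package before running anything as root'.

Added example, not code from the Cocoa-dev thread. It stands in for what
an OS-provided installer does with a signed package: the trusted tool holds
a trust anchor, checks the package signature, and only then elevates.
"""
import hashlib

# --- Constructed toy key pair -------------------------------------------
# Two Mersenne primes give a ~150-bit modulus: far too small for real use.
# It exists only so the signature maths runs stand-alone without OpenSSL.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
PUBLIC_N = _P * _Q
PUBLIC_E = 65537
_PRIVATE_D = pow(PUBLIC_E, -1, (_P - 1) * (_Q - 1))  # vendor-only secret


def _digest_int(payload: bytes) -> int:
    """SHA-256 of the payload, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % PUBLIC_N


def sign_package(payload: bytes) -> int:
    """Vendor side: sign the payload digest (textbook RSA over a toy key)."""
    return pow(_digest_int(payload), _PRIVATE_D, PUBLIC_N)


# --- The trusted installer ------------------------------------------------
# PINNED_PUBLIC_KEY models the trust anchor that ships with the OS tool.
# It is not part of the package, so a modified package cannot replace it;
# this is exactly why the verifying tool itself has to be trusted first.
PINNED_PUBLIC_KEY = (PUBLIC_N, PUBLIC_E)


def signature_valid(payload: bytes, signature: int,
                    public_key=PINNED_PUBLIC_KEY) -> bool:
    """Recover the signed digest with the public key and compare."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(payload)


def install(payload: bytes, signature: int) -> str:
    """Refuse to elevate unless the package verifies against the pinned key."""
    if not signature_valid(payload, signature):
        return "rejected: signature does not match payload"
    # Only here would a real installer ask for admin rights and run the
    # package's scripts as root; modelled as a string so the example is inert.
    return "installed: " + payload.decode()


# Constructed sample package: a script the vendor signs, then two outcomes.
GOOD_PAYLOAD = b"postinstall: copy MyApp.app to /Applications"
GOOD_SIGNATURE = sign_package(GOOD_PAYLOAD)
# The same package after someone with write access altered it post-signing.
TAMPERED_PAYLOAD = GOOD_PAYLOAD.replace(
    b"copy MyApp.app", b"copy MyApp.app and an extra helper")


if __name__ == "__main__":
    print(install(GOOD_PAYLOAD, GOOD_SIGNATURE))
    print(install(TAMPERED_PAYLOAD, GOOD_SIGNATURE))
```

The design choice worth noticing is where the public key lives: inside the verifying tool, not inside the package. A home-grown installer that is itself user-writable can have that check edited out, which is the bootstrapping problem Chris describes; a package only needs integrity, the tool checking it needs to be trusted already.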

_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
