Re: Security With Show Package Contents?
On 12/01/2009 17:25, "Michael Ash" wrote: > On the Mac code signing is just a way for users to be able > to trust that an app is from who it says it's from. I agree that it the underlying technology has the capability to provide that, I'm not sure that code signing on the Mac currently does provide that trust. AFAICT it currently only lets users trust that app v1.0.1 came from the same people as app v1.0, and only then thanks to the _lack_ of any UI which would appear in the failure case - and only _THEN_ if the app tries to perform one of a small number of privileged operations. Cheers, Graham. -- Graham Lee Senior Macintosh Software Engineer, Sophos Plc. +44 1235 540266 http://www.sophos.com/ Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom. Company Reg No 2096520. VAT Reg No GB 348 3873 20. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
On Mon, Jan 12, 2009 at 12:10 PM, Michael Ash wrote: > And note that even when code signing *is* used as an anti-piracy > measure it doesn't really work. For evidence of this look at the > iPhone, whose ubiquitous code signing is used in a much more draconian > way on OS X Usually I just let typos go, but there's a serious chance for misunderstanding here. I meant to say "a much more draconian way THAN Mac OS X". On the Mac code signing is just a way for users to be able to trust that an app is from who it says it's from. On the phone it's used to rigidly control what can and cannot run, much more draconian. Mike ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
On Mon, Jan 12, 2009 at 12:10 PM, Michael Ash wrote: > And note that even when code signing *is* used as an anti-piracy > measure it doesn't really work. For evidence of this look at the > iPhone, whose ubiquitous code signing is used in a much more draconian > way on OS X, and is intended to prevent piracy. No shortage of cracked > apps there. A very good point. I said, "highly-effective != impossible to crack" ... what I had erroneously referenced earlier is neither. :-) -- I.S. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
On Mon, Jan 12, 2009 at 11:56 AM, I. Savant wrote: > On Mon, Jan 12, 2009 at 11:46 AM, Jean-Daniel Dupas > wrote: > >> The purpose of code sign is to prevent tempered code to be run inadvertently >> by an user, not to protect the binary itself. > > Agreed - see my retraction that immediately follows the message you > responded to. I misunderstood what I read about the technology months > ago and conceptual error when I read in more detail. > > I do admit wondering how OS X prevented merely swapping one > signature for another, which is what prompted me to read the > documentation in greater depth. :-) And note that even when code signing *is* used as an anti-piracy measure it doesn't really work. For evidence of this look at the iPhone, whose ubiquitous code signing is used in a much more draconian way on OS X, and is intended to prevent piracy. No shortage of cracked apps there. >> Note that there is a lots of app impossible to crack. We call them freeware >> ;-) > > Ah, the old "software should be free" meme. Cute but unrealistic > (and off-topic). Let's not get that religious debate going on > cocoa-dev ... I'm pretty sure that's not "software should be free", but rather pointing out the simple fact that the only uncrackable software is software which doesn't have any protections in the first place. It's not a commentary on what you *should* do, only that if you're going to put protections into your app, you need to be realistic about the ability of others to remove them. Mike ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
On Mon, Jan 12, 2009 at 11:46 AM, Jean-Daniel Dupas wrote: > The purpose of code sign is to prevent tempered code to be run inadvertently > by an user, not to protect the binary itself. Agreed - see my retraction that immediately follows the message you responded to. I misunderstood what I read about the technology months ago and conceptual error when I read in more detail. I do admit wondering how OS X prevented merely swapping one signature for another, which is what prompted me to read the documentation in greater depth. :-) > Note that there is a lots of app impossible to crack. We call them freeware > ;-) Ah, the old "software should be free" meme. Cute but unrealistic (and off-topic). Let's not get that religious debate going on cocoa-dev ... -- I.S. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
> Note that there is a lots of app impossible to crack. We call them freeware > ;-) clever :p ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
Le 12 janv. 09 à 17:00, I. Savant a écrit : On Mon, Jan 12, 2009 at 10:49 AM, I. Savant wrote: The fact is, Apple ALREADY put a highly-effective* system into place: Code signing. A retraction: From the documentation (quoted below), the user can apparently run modified code anyway ... "It is not a digital rights management (DRM) or copy protection technology. Although the system could determine that a copy of your program had not been properly signed by you, or that its copy protection had been hacked, thus making the signature invalid, there is nothing to prevent the user from running the program anyway." I have nothing that needs any real copy protection, so I have not used this technology. This is one aspect of it that I had not realized. :-( My apologies for the noise. My earlier statement about "impossible to crack" is 100% accurate, however. :-) The purpose of code sign is to prevent tempered code to be run inadvertently by an user, not to protect the binary itself. An hacker can resign the modified app with its own certificate, so the modified app will be consider valid by the OS. How, but you can embed your certificate into your app, and check if an hacker changed the signature. Yes but the hacker will be able to replace your certificate with its own, or it can also modify the binary to skip the check. An eternal "mouse / cat" game that's not worth the price. Note that there is a lots of app impossible to crack. We call them freeware ;-) ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
On Mon, Jan 12, 2009 at 10:49 AM, I. Savant wrote: > The fact is, Apple ALREADY put a highly-effective* system into > place: Code signing. A retraction: From the documentation (quoted below), the user can apparently run modified code anyway ... "It is not a digital rights management (DRM) or copy protection technology. Although the system could determine that a copy of your program had not been properly signed by you, or that its copy protection had been hacked, thus making the signature invalid, there is nothing to prevent the user from running the program anyway." I have nothing that needs any real copy protection, so I have not used this technology. This is one aspect of it that I had not realized. :-( My apologies for the noise. My earlier statement about "impossible to crack" is 100% accurate, however. :-) -- I.S. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
On Mon, Jan 12, 2009 at 10:18 AM, Chunk 1978 wrote: > couldn't Apple implement > some sort of password protection or optional block on viewing package > contents with XCode so that apps are impossible to crack? Impossible to crack? I totally agree - they should also make it impossible for apps to crash, too! :-) Seriously, that's an impossibly tall order. There's just no way to make something impossible to crack (*or* crash for that matter, though you'll have a better chance at this than the cracking thing). The fact is, Apple ALREADY put a highly-effective* system into place: Code signing. http://developer.apple.com/documentation/Security/Conceptual/CodeSigningGuide/Introduction/chapter_1_section_1.html Caveat: This is supported only on 10.5 and above and is ignored on older systems (per the above-referenced page). To make good use of it, your app would need to simply *not work* on 10.4 and below. Not an issue for new products that would support only 10.5 or above, but worth pointing out nonetheless. * - "highly-effective" != "impossible to crack" -- I.S. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
New Pages format is the same but zipped. On Mon, Jan 12, 2009 at 4:27 PM, Devon Ferns wrote: > Have you checked if the new Pages file format is now binary instead of a > package? That would be my guess. I don't see how you can stop anyone from > listing a directory structure. > > Devon > > Chunk 1978 wrote: > >> so i was a little put off after purchasing iWork '09, because i could >> no longer access "Show Package Contents" of my pages files. i >> generally used this to swap out images of the same size, or to color >> balance, etc. >> >> anyway, i started thinking about security of applications based on >> showing package contents. as far as i know the only way for someone >> to crack an application is to have access to the package contents >> which lists the Unix Executable File in the Mac OS folder. i guess >> there's also the possibility to swap out frameworks (particularly >> Aquatic Prime framework if the framework is installed instead of the >> Aquatic Prime library)... since apps are really just folders with a >> .app extension, wouldn't it be possible to disable "Show Package >> Contents", as with the new .pages files, so that it would make the app >> more secure (if not impossible to crack)? couldn't Apple implement >> some sort of password protection or optional block on viewing package >> contents with XCode so that apps are impossible to crack? >> >> this post is totally just me thinking out loud. i personally believe >> that if someone is going to download a cracked version of an app then >> either they wouldn't have bought a license anyway, or they don't have >> the money... i'm not trying to make an app of mine more secure. but >> i'd like to hear your thoughts about this. >> ___ >> >> Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) >> >> Please do not post admin requests or moderator comments to the list. >> Contact the moderators at cocoa-dev-admins(at)lists.apple.com >> >> Help/Unsubscribe/Update your Subscription: >> http://lists.apple.com/mailman/options/cocoa-dev/dferns%40devonferns.com >> >> This email sent to dfe...@devonferns.com >> > ___ > > Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > http://lists.apple.com/mailman/options/cocoa-dev/jjalon%40gmail.com > > This email sent to jja...@gmail.com > ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
On 12/01/2009 15:18, "Chunk 1978" wrote: > anyway, i started thinking about security of applications based on > showing package contents. as far as i know the only way for someone > to crack an application is to have access to the package contents > which lists the Unix Executable File in the Mac OS folder. No, it's not. > since apps are really just folders with a > .app extension, wouldn't it be possible to disable "Show Package > Contents", as with the new .pages files, so that it would make the app > more secure (if not impossible to crack)? I don't see how that would make anything more secure, just as marking files as 'hidden' doesn't. With some appropriate changes to the code signing mechanism, interface and requirements they could make it hard - though not impossible - for cracked apps to act as drop-in replacements for their legitimate antecedents. But I'm pretty sure that while it's possible people will do it, even if the pay-off were to disappear :-( Graham. -- Graham Lee Senior Macintosh Software Engineer, Sophos Plc. +44 1235 540266 http://www.sophos.com/ Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom. Company Reg No 2096520. VAT Reg No GB 348 3873 20. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
Have you checked if the new Pages file format is now binary instead of a package? That would be my guess. I don't see how you can stop anyone from listing a directory structure. Devon Chunk 1978 wrote: so i was a little put off after purchasing iWork '09, because i could no longer access "Show Package Contents" of my pages files. i generally used this to swap out images of the same size, or to color balance, etc. anyway, i started thinking about security of applications based on showing package contents. as far as i know the only way for someone to crack an application is to have access to the package contents which lists the Unix Executable File in the Mac OS folder. i guess there's also the possibility to swap out frameworks (particularly Aquatic Prime framework if the framework is installed instead of the Aquatic Prime library)... since apps are really just folders with a .app extension, wouldn't it be possible to disable "Show Package Contents", as with the new .pages files, so that it would make the app more secure (if not impossible to crack)? couldn't Apple implement some sort of password protection or optional block on viewing package contents with XCode so that apps are impossible to crack? this post is totally just me thinking out loud. i personally believe that if someone is going to download a cracked version of an app then either they wouldn't have bought a license anyway, or they don't have the money... i'm not trying to make an app of mine more secure. but i'd like to hear your thoughts about this. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/dferns%40devonferns.com This email sent to dfe...@devonferns.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security With Show Package Contents?
AFAIK that would be impossible because someone would just find away around the protection. There has to be a way to unprotect the app otherwise the file system would not be able to access the binary file. If the file system has a way to access it, someone will figure that out and then they will be able to access it. Trying to make an app un-crackable is not worth the time or effort, if it was feasible they would be doing it with OS's like OS X and Windows and even the big guys like Adobe. Joseph Crawford On Jan 12, 2009, at 10:18 AM, Chunk 1978 wrote: so i was a little put off after purchasing iWork '09, because i could no longer access "Show Package Contents" of my pages files. i generally used this to swap out images of the same size, or to color balance, etc. anyway, i started thinking about security of applications based on showing package contents. as far as i know the only way for someone to crack an application is to have access to the package contents which lists the Unix Executable File in the Mac OS folder. i guess there's also the possibility to swap out frameworks (particularly Aquatic Prime framework if the framework is installed instead of the Aquatic Prime library)... since apps are really just folders with a .app extension, wouldn't it be possible to disable "Show Package Contents", as with the new .pages files, so that it would make the app more secure (if not impossible to crack)? couldn't Apple implement some sort of password protection or optional block on viewing package contents with XCode so that apps are impossible to crack? this post is totally just me thinking out loud. i personally believe that if someone is going to download a cracked version of an app then either they wouldn't have bought a license anyway, or they don't have the money... i'm not trying to make an app of mine more secure. but i'd like to hear your thoughts about this. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/codebowl%40gmail.com This email sent to codeb...@gmail.com ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com