Re: Patching an application (long)

FROM : Chris Hanson
DATE : Thu Jan 16 21:52:41 2003

At 10:22 AM -0800 1/16/03, Buddy Kurz wrote:
>I'm not usually paranoid (no matter what they say) but I would
>prefer that my trusted applications remain trustworthy!
>Any thoughts or reassurances on this?


It is a serious security problem.

My hope is that Apple will fix it, perhaps by only allowing non-root
tools signed with a special private key to manipulate other
processes' address spaces without a warning dialog of some sort.
(Tools running as root would be able to do it just as they can now.)
That way, debuggers would still be able to work fine -- since their
developers could submit their binaries to Apple for signing -- but
this patching garbage would stop.

  -- Chris

--
Chris Hanson, bDistributed.com, Inc.  |  Email: <email_removed>
Custom Application Development        |  Phone: +1-847-372-3955
http://bdistributed.com/              |  Fax:  +1-847-589-3738
http://bdistributed.com/Articles/    |  Personal Email: <email_removed>
_______________________________________________
cocoa-dev mailing list | <email_removed>
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.