Check signature of OSX bundle before load


Problem description

Goal: Load .so/.bundle that has been verified to be signed (or verified against an arbitrary algorithm).

I want to be able to verify a .so/.bundle either using OSX's builtin binary signature tools or some custom algorithm and then load that .so/.bundle with dlopen...

The wrench in this is that there seems to be no programmatic way to check-then-load. One could check the file manually and then load it after; however, there is a window of opportunity within which someone could swap out that file for another.

Since filesystem locks are advisory in OSX, they are not so useful for this purpose.

Recommended answer

You can store an sha256sum of the *.so or *.dylib file in the signature. After you've validated the certificate, you can copy the *.so or *.dylib to a random temporary location, and then verify that the copied *.so or *.dylib has the given checksum. If it does, then you can dynamically load the copy. There might still be a small window of opportunity to overwrite the random temporary file, but I imagine it would be quite small. I suppose you could reverify the checksum after you call dlopen but before you call dlsym. If the checksum doesn't match, then you can call dlclose to unload the library, without executing any functions in it.
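
The copy-then-verify-then-load sequence from the answer, as an added sketch that is not part of the original post. It is written in Python, where `ctypes.CDLL` calls `dlopen` on POSIX systems; the function names and the `verified-lib-` prefix are hypothetical, and the expected SHA-256 is assumed to come from a signature that has already been validated.

```python
import ctypes
import hashlib
import hmac
import os
import shutil
import tempfile


def sha256_of_fd(fd):
    """Hash the file behind an already-open descriptor."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while chunk := os.read(fd, 1 << 16):
        digest.update(chunk)
    return digest.hexdigest()


def stage_verified_copy(src_path, expected_sha256):
    """Copy src_path into a fresh private directory and return the copy's path
    only if the copy (not the original) hashes to expected_sha256."""
    # mkdtemp creates a randomly named directory with mode 0700, so other
    # users cannot replace or rewrite the staged file.
    staging_dir = tempfile.mkdtemp(prefix="verified-lib-")  # hypothetical prefix
    staged = os.path.join(staging_dir, os.path.basename(src_path))
    try:
        shutil.copyfile(src_path, staged)
        os.chmod(staged, 0o400)  # read-only for the owner
        fd = os.open(staged, os.O_RDONLY)
        try:
            actual = sha256_of_fd(fd)
        finally:
            os.close(fd)
        # Assumption: expected_sha256 was taken from a validated signature.
        if not hmac.compare_digest(actual, expected_sha256.lower()):
            raise ValueError("checksum mismatch: refusing to load " + src_path)
        return staged
    except BaseException:
        shutil.rmtree(staging_dir, ignore_errors=True)
        raise


def load_verified(src_path, expected_sha256):
    """Load the verified private copy; the original path is never dlopen'ed."""
    return ctypes.CDLL(stage_verified_copy(src_path, expected_sha256))
```

The private directory narrows the swap window to processes running as the same user or as root; it does not protect against those.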
