On Sun, Jan 25, 2009 at 3:19 AM, Kyle Sluder <kyle.slu...@gmail.com> wrote: > On Sat, Jan 24, 2009 at 9:29 PM, Michael Ash <michael....@gmail.com> wrote: >> I'm afraid I don't understand this advice. Could you explain what sort >> of vulnerability would exist in a custom install tool that would not >> exist when using Installer.app to install a custom package? > > It's vulnerable to a timing flaw. In order to securely install a > helper tool, the installation process must run as root. In order to > securely install an installer that runs as root, the installer > installer must run as root. In order to... > > Installer.app solves this problem because it's preconfigured to be > secure. You can invoke it to do the privileged installation for you > without opening yourself up to the possibility that in between copying > the file and its later invocation that its contents have been changed.
Instead of opening yourself up to the possibility that the contents of the installer binary have been changed, you open yourself up to the possibility that the contents of the installer .pkg have been changed. Doesn't seem any better to me. Mike _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
