Verify identity of process attaching to cdev #45

droe · 2018-09-20T07:19:57Z

The kext should verify the identity of the userspace process attaching to /dev/xnumon based on its code signature and refuse attaching if the code is unsigned or signed by the wrong team.

The text was updated successfully, but these errors were encountered:

Issue: #45

droe · 2018-09-20T23:42:28Z

This seems not to be easily possible with the current cdev interface and using supported KPIs only, because the KPIs in bsd/sys/codesign.h are private.

droe · 2018-09-21T20:29:15Z

Reference: https://forums.developer.apple.com/thread/108803

droe added pri:high type:maturity code maturity and technical debt type:kext labels Sep 20, 2018

droe self-assigned this Sep 20, 2018

droe mentioned this issue Sep 20, 2018

Ship signed kext #6

Closed

droe added this to the 0.1.7 milestone Sep 20, 2018

droe added a commit that referenced this issue Sep 20, 2018

Verify identity of code attaching to cdev - requires private KPIs

61ba0d7

Issue: #45

droe removed this from the 0.1.7 milestone Sep 20, 2018

droe removed the pri:high label Sep 20, 2018

droe added the  label Sep 20, 2018

droe added status:blocked depends on other unresolved issue, github or external and removed  labels Sep 21, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Verify identity of process attaching to cdev #45

Verify identity of process attaching to cdev #45

droe commented Sep 20, 2018

droe commented Sep 20, 2018

droe commented Sep 21, 2018

Verify identity of process attaching to cdev #45

Verify identity of process attaching to cdev #45

Comments

droe commented Sep 20, 2018

droe commented Sep 20, 2018

droe commented Sep 21, 2018