All geek questions in one place

Verify Mac OS X Disk Image

Does anyone know what exactly happens behind the scenes when Mac OS X checks the disk image file (.dmg)? Is there a way to extend or customize the procedure?

EDIT: I would like to create a disk image that verifies that it is doing exactly what it should do, and nothing more. For example, if I distribute some password management software, an attacker could modify my package to send passwords to an unreasonable third party. For the end user, the functionality will be identical to my program, and they will never know that the package was sabotaged. I would like to perform this check during mount.

+4
source share
2 answers

As far as I know, you cannot change this procedure (unless you perform any system hacks that I do not recommend). I believe that it compares it with the internal checksum and ensures that the disk volume header is in order. It scans all files to see if any of them are damaged.

+6
source

My understanding of dmg is limited, but since I understand it, essentially, an osx-specific archive format similar to zips. One option would also be to distribute the checksum of your dmg. This is not very useful, as if an attacker could modify dmg user downloads from your site, they can also change the checksum.

The functionality that I think you are looking for is a code notation. This is a cryptographic check that the application has not been modified since it was signed by the author. There are some barriers to using this, since you need a developer certificate from the Apple developer program.

Apple's code documentation can be found here: https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW5

0
source

Source: https://habr.com/ru/post/1347611/

More articles:


All Articles