When signing an app with Apple's codesign tool, it seems I might want to set the -o kill option:

> Code with the kill flag set will die when it becomes dynamically invalid.

This corresponds to the kSecCodeSignatureForceKill constant to "Always set the kSecCodeStatusKill status flag on launch" which:

> Indicates that the code wants to be killed (terminated) if it ever loses its validity.

Sounds great, but what does it really mean?

Naturally, if "anything" were to break my code's integrity during execution I would want the process killed. But what would that "something" be? Will this flag guard against any and all code injection attacks?

natevw

1 Answer

The -o flag means precisely what you've described. If the code signature does not match the bundle contents that were signed then the process gets killed — simple as that. It's basically just a means of discouraging, deterring or making it harder for someone to modify, inject, change, etc. anything within the signed bundle contents.

> Will this flag guard against any and all code injection attacks?

Definitely not. Code signatures are only useful within the environment that their trust is built around. Unfortunately once an application is "in the wild" anything is possible, and not all environments are built on such trust. Someone that is adept at how code signatures work can easily strip or re-codesign something in a matter of seconds, making the original signature essentially useless.

l'L'l
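Because the kill option lives in the signature itself, a release check can confirm that a build still carries it. The following is an added example, not part of the question or answer above: it reads the flags word from the CodeDirectory inside an embedded signature SuperBlob (the data that a Mach-O `LC_CODE_SIGNATURE` load command points to). The constant values come from Apple's public code-signing headers; `make_sample` and its blobs are constructed for illustration and are not real signatures.

```python
import struct

# Values from Apple's public code-signing headers (cs_blobs.h); all fields big-endian.
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0  # SuperBlob wrapping the signature parts
CSMAGIC_CODEDIRECTORY = 0xFADE0C02
CSSLOT_CODEDIRECTORY = 0
FLAGS = {0x0002: "adhoc", 0x0100: "hard", 0x0200: "kill", 0x0800: "restrict",
         0x2000: "library-validation", 0x10000: "runtime"}

def code_directory_flags(sig: bytes) -> int:
    """Return the CodeDirectory flags word from an embedded signature blob."""
    if len(sig) < 12:
        raise ValueError("truncated SuperBlob")
    magic, length, count = struct.unpack_from(">III", sig, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE or length > len(sig):
        raise ValueError("not an embedded signature SuperBlob")
    if 12 + 8 * count > length:
        raise ValueError("index overruns blob")
    for i in range(count):
        slot, off = struct.unpack_from(">II", sig, 12 + 8 * i)
        if slot != CSSLOT_CODEDIRECTORY:
            continue
        if off + 16 > length:
            raise ValueError("CodeDirectory offset out of range")
        # CodeDirectory header starts: magic, length, version, flags
        cd_magic, _cd_len, _version, flags = struct.unpack_from(">IIII", sig, off)
        if cd_magic != CSMAGIC_CODEDIRECTORY:
            raise ValueError("slot 0 is not a CodeDirectory")
        return flags
    raise ValueError("no CodeDirectory slot")

def flag_names(flags: int) -> list:
    """Decode the flag bits this example knows about, lowest bit first."""
    return [name for bit, name in sorted(FLAGS.items()) if flags & bit]

def make_sample(flags: int) -> bytes:
    """Constructed SuperBlob holding one header-only CodeDirectory (not a real signature)."""
    cd = struct.pack(">IIII", CSMAGIC_CODEDIRECTORY, 16, 0x20400, flags)
    index = struct.pack(">II", CSSLOT_CODEDIRECTORY, 20)  # 12-byte header + 8-byte index
    return struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, 20 + len(cd), 1) + index + cd

if __name__ == "__main__":
    # Constructed inputs: one blob with the kill bit, one with only the ad hoc bit.
    for label, blob in (("kill bit set", make_sample(0x0200)),
                        ("ad hoc only", make_sample(0x0002))):
        print(label, "->", flag_names(code_directory_flags(blob)))
```

A check like this only reports what the signature currently on disk says; it does not establish who produced that signature.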