Validate code signature as well.

This commit is contained in:
Max Goedjen 2020-03-17 22:59:03 -07:00
parent d35c58509b
commit 32f0ed88f4
No known key found for this signature in database
GPG Key ID: E58C21DD77B9B8E8
3 changed files with 12 additions and 2 deletions

View File

@ -7,10 +7,13 @@
// //
#import <Foundation/Foundation.h> #import <Foundation/Foundation.h>
#import <Security/Security.h>
// Forward declaration of proc_pidpath from libproc.h // Forward declaration of proc_pidpath from libproc.h
int proc_pidpath(int pid, void * buffer, uint32_t buffersize); int proc_pidpath(int pid, void * buffer, uint32_t buffersize);
OSStatus SecCodeCreateWithPID(int32_t, SecCSFlags, SecCodeRef *);
//! Project version number for SecretAgentKit. //! Project version number for SecretAgentKit.
FOUNDATION_EXPORT double SecretAgentKitVersionNumber; FOUNDATION_EXPORT double SecretAgentKitVersionNumber;

View File

@ -25,12 +25,14 @@ extension SigningRequestProvenance {
public let pid: Int32 public let pid: Int32
public let name: String public let name: String
public let path: String public let path: String
public let validSignature: Bool
let parentPID: Int32? let parentPID: Int32?
init(pid: Int32, name: String, path: String, parentPID: Int32?) { init(pid: Int32, name: String, path: String, validSignature: Bool, parentPID: Int32?) {
self.pid = pid self.pid = pid
self.name = name self.name = name
self.path = path self.path = path
self.validSignature = true
self.parentPID = parentPID self.parentPID = parentPID
} }

View File

@ -1,5 +1,6 @@
import Foundation import Foundation
import AppKit import AppKit
import Security
struct SigningRequestTracer { struct SigningRequestTracer {
@ -32,7 +33,11 @@ struct SigningRequestTracer {
let pathPointer = UnsafeMutablePointer<UInt8>.allocate(capacity: Int(MAXPATHLEN)) let pathPointer = UnsafeMutablePointer<UInt8>.allocate(capacity: Int(MAXPATHLEN))
_ = proc_pidpath(pid, pathPointer, UInt32(MAXPATHLEN)) _ = proc_pidpath(pid, pathPointer, UInt32(MAXPATHLEN))
let path = String(cString: pathPointer) let path = String(cString: pathPointer)
return SigningRequestProvenance.Process(pid: pid, name: procName, path: path, parentPID: ppid) var secCode: Unmanaged<SecCode>!
let flags: SecCSFlags = [SecCSFlags.considerExpiration, SecCSFlags.enforceRevocationChecks]
SecCodeCreateWithPID(pid, SecCSFlags(), &secCode)
let valid = SecCodeCheckValidity(secCode.takeRetainedValue(), flags, nil) == ERR_SUCCESS
return SigningRequestProvenance.Process(pid: pid, name: procName, path: path, validSignature: valid, parentPID: ppid)
} }
} }