From: Apple Date: Tue, 15 Jan 2008 22:13:59 +0000 (+0000) Subject: libsecurity_codesigning-32953.tar.gz X-Git-Tag: mac-os-x-1052^0 X-Git-Url: https://git.saurik.com/apple/libsecurity_codesigning.git/commitdiff_plain/f684277642892bee670ae661b409d00168204e90 libsecurity_codesigning-32953.tar.gz --- diff --git a/lib/CodeSigner.cpp b/lib/CodeSigner.cpp index 6514c24..da36284 100644 --- a/lib/CodeSigner.cpp +++ b/lib/CodeSigner.cpp @@ -41,14 +41,6 @@ namespace CodeSigning { using namespace UnixPlusPlus; -// -// The allocation helper -// -static const char helperName[] = "codesign_allocate"; -static const char helperPath[] = "/usr/bin/codesign_allocate"; -static const size_t csAlign = 16; - - // // A helper for parsing out a CFDictionary signing-data specification // diff --git a/lib/macho++.cpp b/lib/macho++.cpp index 9c5572b..11eb33b 100644 --- a/lib/macho++.cpp +++ b/lib/macho++.cpp @@ -62,7 +62,12 @@ const char *Architecture::name() const { if (const NXArchInfo *info = NXGetArchInfoFromCpuType(cpuType(), cpuSubtype())) return info->name; - else + else if (cpuType() == CPU_TYPE_ARM) { // work-around for non-ARM Leopard systems + if (cpuSubtype() == CPU_SUBTYPE_ARM_V6) + return "armv6"; + else + return "arm"; + } else return NULL; } diff --git a/lib/reqinterp.cpp b/lib/reqinterp.cpp index 0c20659..b661b17 100644 --- a/lib/reqinterp.cpp +++ b/lib/reqinterp.cpp @@ -35,6 +35,10 @@ namespace Security { namespace CodeSigning { +static CFStringRef appleIntermediateCN = CFSTR("Apple Code Signing Certification Authority"); +static CFStringRef appleIntermediateO = CFSTR("Apple Inc."); + + // // Construct an interpreter given a Requirement and an evaluation context. // 
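Review bot: The new ARM branch in Architecture::name() collapses every ARM subtype other than CPU_SUBTYPE_ARM_V6 to the generic string "arm", so on a host whose NXGetArchInfoFromCpuType() does not know ARM the subtype is silently dropped from the name. The caller touched by this same commit, MachOEditor::childAction in signerutils.cpp, already has an exact numeric fallback for the case where name() returns NULL (`-A cputype cpusubtype`), so if that path is meant as the catch-all, returning NULL for unrecognised ARM subtypes would keep the helper invocation precise: `if (cpuSubtype() == CPU_SUBTYPE_ARM_V6) return "armv6"; return NULL; // unknown ARM subtype: let callers fall back to -A cputype cpusubtype`. If the generic name is deliberate instead, the branch should say so, e.g. `// unknown ARM subtype: report the generic name (subtype information is dropped)`. Whether any other caller relies on a non-NULL name for ARM is not visible here.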
@@ -61,14 +65,7 @@ bool Requirement::Interpreter::evaluate() case opIdent: return getString() == mContext->directory->identifier(); case opAppleAnchor: - if (SecCertificateRef cert = mContext->cert(anchorCert)) - return verifyAnchor(cert, appleAnchorHash()) -#if defined(TEST_APPLE_ANCHOR) - || verifyAnchor(cert, testAppleAnchorHash()) -#endif - ; - else - return false; + return appleSigned(); case opAnchorHash: { SecCertificateRef cert = mContext->cert(get()); @@ -189,6 +186,26 @@ bool Requirement::Interpreter::certFieldValue(const string &key, const Match &ma } +// +// Check the Apple-signed condition +// +bool Requirement::Interpreter::appleSigned() +{ + if (SecCertificateRef cert = mContext->cert(anchorCert)) + if (verifyAnchor(cert, appleAnchorHash()) +#if defined(TEST_APPLE_ANCHOR) + || verifyAnchor(cert, testAppleAnchorHash()) +#endif + ) + if (SecCertificateRef intermed = mContext->cert(-2)) // first intermediate + // first intermediate common name match (exact) + if (certFieldValue("subject.CN", Match(appleIntermediateCN, matchEqual), intermed) + && certFieldValue("subject.O", Match(appleIntermediateO, matchEqual), intermed)) + return true; + return false; +} + + // // Verify an anchor requirement against the context // diff --git a/lib/reqinterp.h b/lib/reqinterp.h index 222bd17..ebeed8d 100644 --- a/lib/reqinterp.h +++ b/lib/reqinterp.h @@ -60,6 +60,7 @@ protected: bool infoKeyValue(const std::string &key, const Match &match); bool certFieldValue(const string &key, const Match &match, SecCertificateRef cert); bool verifyAnchor(SecCertificateRef cert, const unsigned char *digest); + bool appleSigned(); bool trustedCerts(); bool trustedCert(int slot); diff --git a/lib/signerutils.cpp b/lib/signerutils.cpp index e005e82..c270ed2 100644 --- a/lib/signerutils.cpp +++ b/lib/signerutils.cpp @@ -34,6 +34,12 @@ #include #include +// for helper validation +#include "Code.h" +#include "cfmunge.h" +#include + + namespace Security { namespace CodeSigning { 
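Review bot: appleSigned() pins the `anchor apple` policy to the certificate in slot `-2` with an exact CN/O equality match, but nothing in the hunk documents what `cert(-2)` denotes or what happens when the chain has no intermediate at all or more than one; on the visible lines a missing slot silently yields false, and a chain where the Apple CA sits somewhere other than slot -2 also fails, which may be intended but is not stated. Suggest replacing the bare `// Check the Apple-signed condition` header with a comment spelling out the contract: the anchor must hash-match the Apple root (or the test root when TEST_APPLE_ANCHOR is defined), the certificate in the slot just below the anchor must carry subject.CN "Apple Code Signing Certification Authority" and subject.O "Apple Inc." exactly, and every other chain shape evaluates to false. The `-2` literal deserves a named constant next to `anchorCert`, e.g. `static const int firstIntermediate = -2; // slot just below the anchor` — assuming slot numbering counts back from the anchor, which should be confirmed against mContext->cert(). Note also that an exact string match on a single intermediate means a renamed or additional Apple intermediate makes every `anchor apple` requirement fail outright rather than degrade; if that brittleness is deliberate it is worth one sentence in the comment.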
@@ -43,6 +49,7 @@ namespace CodeSigning { // static const char helperName[] = "codesign_allocate"; static const char helperPath[] = "/usr/bin/codesign_allocate"; +static const char helperOverride[] = "CODESIGN_ALLOCATE"; static const size_t csAlign = 16; @@ -135,6 +142,13 @@ MachOEditor::MachOEditor(DiskRep::Writer *w, Universal &code, std::string srcPat : ArchEditor(code, w->attributes()), writer(w), sourcePath(srcPath), tempPath(srcPath + ".cstemp"), mNewCode(NULL), mTempMayExist(false) { + if (const char *path = getenv(helperOverride)) { + mHelperPath = path; + mHelperOverridden = true; + } else { + mHelperPath = helperPath; + mHelperOverridden = false; + } } MachOEditor::~MachOEditor() @@ -142,6 +156,24 @@ MachOEditor::~MachOEditor() delete mNewCode; if (mTempMayExist) ::remove(tempPath.c_str()); // ignore error (can't do anything about it) + + //@@@ this code should be in UnixChild::kill() -- migrate it there + if (state() == alive) { + this->kill(SIGTERM); // shoot it once + checkChildren(); // check for quick death + if (state() == alive) { + usleep(500000); // give it some grace + if (state() == alive) { // could have been reaped by another thread + checkChildren(); // check again + if (state() == alive) { // it... just... won't... die... + this->kill(SIGKILL); // take THAT! + checkChildren(); + if (state() == alive) // stuck zombie + abandon(); // leave the body behind + } + } + } + } } 
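Review bot: The constructor stores the raw `getenv()` pointer in `mHelperPath`, so the path later used by parentAction and childAction is whatever the environment buffer holds at that moment and dangles if the environment is modified (setenv/putenv) before the exec; copying it into a `std::string` member (`mHelperPath = path;`, with `.c_str()` at the execv call) would remove that hazard. More importantly, the override is taken from the environment in code that later calls `::seteuid(0)` in the child, so the only thing between an attacker-controlled CODESIGN_ALLOCATE and a privileged exec is the parentAction validation this commit adds; that dependency should be stated right here, e.g. `// CODESIGN_ALLOCATE redirects the helper; the override is validated against "anchor apple" in parentAction before it is trusted`. Consider also rejecting relative overrides (`if (path[0] != '/') ...`), since a relative path resolved once for validation and again for the exec could name different files if the working directory changes in between.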
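Review bot: The destructor tears down the editor's state (`delete mNewCode`, `::remove(tempPath)`) before it checks whether the helper child is still alive and signals it, so a still-running codesign_allocate may be writing to tempPath after the parent has already unlinked it and discarded its own view of the output; running the kill/reap sequence first and the temp-file removal last would make the cleanup follow the process lifetime. The five-deep `if (state() == alive)` ladder with a fixed `usleep(500000)` also blocks whichever thread destroys the editor for half a second, and the `//@@@` marker already says this belongs in UnixChild::kill(); a small bounded loop there (signal, check, wait, escalate) would read better than the nesting. At minimum record the ordering assumption the current code violates, e.g. `// the helper must be dead before tempPath is removed; see the kill sequence below`, or move the `::remove` after it.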
@@ -170,6 +202,23 @@ void MachOEditor::allocate() mNewCode = new Universal(mFd); } +static const unsigned char appleReq[] = { // anchor apple + 0xfa, 0xde, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x03, +}; + +void MachOEditor::parentAction() +{ + if (mHelperOverridden) { + secdebug("machoedit", "validating alternate codesign_allocate at %s (pid=%d)", mHelperPath, this->pid()); + // check code identity of an overridden allocation helper + SecPointer code = new SecStaticCode(DiskRep::bestGuess(mHelperPath)); + code->validateDirectory(); + code->validateExecutable(); + code->validateResources(); + code->validateRequirements((const Requirement *)appleReq, errSecCSReqFailed); + } +} + void MachOEditor::childAction() { vector arguments; @@ -183,13 +232,26 @@ void MachOEditor::childAction() char *size; // we'll leak this (execv is coming soon) asprintf(&size, "%d", LowLevelMemoryUtilities::alignUp(it->second->blobSize, csAlign)); secdebug("machoedit", "preparing %s size=%s", it->first.name(), size); - arguments.push_back("-a"); - arguments.push_back(it->first.name()); + + if (const char *arch = it->first.name()) { + arguments.push_back("-a"); + arguments.push_back(arch); + } else { + arguments.push_back("-A"); + char *anum; + asprintf(&anum, "%d", it->first.cpuType()); + arguments.push_back(anum); + asprintf(&anum, "%d", it->first.cpuSubtype()); + arguments.push_back(anum); + } arguments.push_back(size); } arguments.push_back(NULL); + + if (mHelperOverridden) + ::csops(0, CS_EXEC_SET_KILL, NULL, 0); // force code integrity ::seteuid(0); // activate privilege if caller has it; ignore error if not - execv(helperPath, (char * const *)&arguments[0]); + execv(mHelperPath, (char * const *)&arguments[0]); } void MachOEditor::reset(Arch &arch) diff --git a/lib/signerutils.h b/lib/signerutils.h index 827c11e..2c0f958 100644 --- a/lib/signerutils.h +++ b/lib/signerutils.h 
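Review bot: parentAction() validates the overridden helper by path after the child has apparently already been forked (the debug line prints `this->pid()`), so the child's `execv(mHelperPath, ...)` and the parent's `validateRequirements(...)` race: an untrusted binary can already be executing — after `::seteuid(0)` in childAction — before the parent throws and the destructor gets around to sending SIGTERM. If parentAction is indeed a post-fork hook, the identity check should move to the constructor or to some point before the fork, and it should be performed on the same file the child will exec (an opened descriptor, or at least an absolute path) rather than re-resolving `mHelperPath` independently in the parent. The C-style cast `(const Requirement *)appleReq` on a `const unsigned char[]` should also carry a comment explaining the bytes and why aliasing them as a Requirement is safe, e.g. `// pre-compiled "anchor apple" requirement blob: 0xfade0c00 magic, length 0x10, kind 1, single opcode 3 (confirm == opAppleAnchor)`, since the opcode's numeric value is not visible in this diff.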
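Review bot: The return value of `::csops(0, CS_EXEC_SET_KILL, NULL, 0)` is discarded, so if the call fails the overridden helper is exec'd with no kernel-side integrity enforcement at all, which defeats the stated purpose of the flag ("force code integrity"); the child should abort instead: `if (::csops(0, CS_EXEC_SET_KILL, NULL, 0) != 0) ::_exit(1); // never exec an unverified override without kill-on-invalid`. Likewise the three `asprintf` calls ignore their result, so on allocation failure a NULL or indeterminate pointer is pushed into `arguments` and argv is silently truncated or garbled before it reaches the helper; checking for `< 0` and `_exit`ing is cheap here. As far as the visible lines show, CS_EXEC_SET_KILL only asks the kernel to kill a process whose pages fail signature validation and does not enforce the `anchor apple` policy, so it is a backstop for parentAction, not a substitute — worth saying in the comment. `::seteuid(0)` already documents that its error is ignored on purpose; anything else that is best-effort in this function should say so just as explicitly.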
@@ -168,9 +168,14 @@ public: private: void childAction(); + void parentAction(); + Universal *mNewCode; UnixPlusPlus::AutoFileDesc mFd; bool mTempMayExist; + + const char *mHelperPath; + bool mHelperOverridden; }; diff --git a/libsecurity_codesigning.xcodeproj/project.pbxproj b/libsecurity_codesigning.xcodeproj/project.pbxproj index 6de0c93..98e944d 100644 --- a/libsecurity_codesigning.xcodeproj/project.pbxproj +++ b/libsecurity_codesigning.xcodeproj/project.pbxproj @@ -997,7 +997,7 @@ isa = XCBuildConfiguration; buildSettings = { BUILD_VARIANTS = debug; - CURRENT_PROJECT_VERSION = 32568; + CURRENT_PROJECT_VERSION = 32953; FRAMEWORK_SEARCH_PATHS = ( /usr/local/SecurityPieces/Frameworks, /usr/local/SecurityPieces/Components/Security, @@ -1047,7 +1047,7 @@ normal, debug, ); - CURRENT_PROJECT_VERSION = 32568; + CURRENT_PROJECT_VERSION = 32953; FRAMEWORK_SEARCH_PATHS = ( /usr/local/SecurityPieces/Frameworks, /usr/local/SecurityPieces/Components/Security, @@ -1095,7 +1095,7 @@ normal, debug, ); - CURRENT_PROJECT_VERSION = 32568; + CURRENT_PROJECT_VERSION = 32953; FRAMEWORK_SEARCH_PATHS = ( /usr/local/SecurityPieces/Frameworks, /usr/local/SecurityPieces/Components/Security,