undefined | Better HN

0 pointscjbprime6y ago0 comments

I think you need OS codesigning integration for this threat model. Otherwise whatever special app runtime check code you add just gets removed by the malicious overwrite of your app code.

0 comments

some_furry6y ago

I'm just doing this for secure updates, so that malware doesn't get delivered through the update mechanism. For precedent, see https://core.trac.wordpress.org/ticket/39309

It isn't meant to mitigate a compromised endpoint.

j / k navigate · click thread line to collapse

0 pointscjbprime6y ago0 comments

I think you need OS codesigning integration for this threat model. Otherwise whatever special app runtime check code you add just gets removed by the malicious overwrite of your app code.

0 comments

some_furry6y ago

I'm just doing this for secure updates, so that malware doesn't get delivered through the update mechanism. For precedent, see https://core.trac.wordpress.org/ticket/39309

It isn't meant to mitigate a compromised endpoint.

j / k navigate · click thread line to collapse