droe / xnumon

monitor macOS for malicious activity
https://www.roe.ch/xnumon
Open Software License 3.0

Verify identity of process attaching to cdev #45

Open droe opened 5 years ago

droe commented 5 years ago

The kext should verify the identity of the userspace process attaching to /dev/xnumon based on its code signature and refuse attaching if the code is unsigned or signed by the wrong team.

droe commented 5 years ago

This seems not to be easily possible with the current cdev interface and using supported KPIs only, because the KPIs in bsd/sys/codesign.h are private.

droe commented 5 years ago

Reference: https://forums.developer.apple.com/thread/108803