Open ShangLin-Wu opened 1 month ago
This seems more a question for Apple since this is their installation mechanism. Your plugin is codesigned?
@packagesdev, yes, our plugin has been codesigned. May I ask whether Packages can preserve the ACLs of the scripts and plugins?
Hi, I found in /private/var/log/installer.log that when opening a pkg, the installer stores the customized plugin bundle and installation requirements external to scripts in the following path: "TMPDIR=/var/folders/6k/8rj2bz5zv9kqw6s5btc0000gn/T/com.apple.install.XXXXXX".
If I replace the plugin bundle before clicking "Allow" in Figure 1, the content of the installer screen will be altered to that of an invalid plugin bundle. Attackers could replace the files programmatically even within the shortest time interval. I tried modifying the ACL of the bundle and scripts before packaging the pkg, but the ACL gets reverted to its original state after opening the pkg.
Regarding 'plugin bundle' and 'installation requirements external scripts,' since the com.apple.install.xxx folder name is randomly generated, is there a way to perform integration checks through the installer? Or what methods can be used to prevent the bundle and scripts from being tampered with? Any suggestions would be appreciated. Thank you!
figure 1.
figure 2.