You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are a few items in his example that I think should be included in this project, since this has been around longer and I suspect many people have used this as a foundation in their apps eg
SecCodeCopyGuestWithAttributes should not validate using the PID
the signing requirements should include bundle identifier and minimum version
Unfortunately I feel unqualified to create a PR for this so thought I'd raise the issue here and see what others think.
I've just been reading the slides from Wojciech Reguła's talk "Abusing and Securing XPC in macOS Apps" (https://objectivebythesea.com/v3/talks/OBTS_v3_wReguła.pdf).
He has provided https://github.com/securing/SimpleXPCApp as a secure example of an XPC helper.
There are a few items in his example that I think should be included in this project, since this has been around longer and I suspect many people have used this as a foundation in their apps eg
SecCodeCopyGuestWithAttributesshould not validate using the PIDUnfortunately I feel unqualified to create a PR for this so thought I'd raise the issue here and see what others think.
Related, my earlier issue regarding security: #22
The text was updated successfully, but these errors were encountered: