Prebinding makes OSX less secure

Rosyna points out this issue with OSX’s prebinding at unsanity.org:
Prebinding could be a security risk. Not in and of itself, but indirectly. You cannot use the checksum of an executable to determine if it has been modified by another or not on OS X. Incidental, yes. Not very important, indeed. But it is one wall that is not there.

Try it:

md5 /bin/mv
MD5 (/bin/mv) = efeb7727e40c597fa33953e551c9979d

Looks fine, no? Well, let us redo the prebinding:

sudo redo_prebinding /bin/mv
md5 /bin/mv
MD5 (/bin/mv) = fe7369c88c3a9220ad803ba3e56bbe06

The checksum has changed. While I am sure that there are better ways to get a checksum, none are the answer. And AFAIK, dyld doesn’t store the executable’s actual checksum anywhere.
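To see why a whole-file hash is such a blunt tool here, it helps to look at which bytes prebinding actually touches. The script below is an added example (not from the post or from unsanity.org): it walks the Mach-O load commands, hashes every section separately, and reports which regions differ between two copies of a binary. Instead of a bare "changed", an integrity checker can then say "load commands and __DATA changed, __text did not", which is the first question anyone triaging a hash mismatch will ask. The sample binary is a constructed, minimal 32-bit Mach-O-shaped blob, and `simulate_prebinding` only mimics the assumed effect of redo_prebinding (header flag set, __DATA symbol pointers filled in); it is not a model of the real tool, and the post's point stands: a hash alone cannot tell a benign rewrite from a hostile one.

```python
"""Per-section digests for Mach-O files, to show which regions a rewrite touched.

Added example, not code from the original post. Assumptions are marked inline.
"""
import hashlib
import struct

MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE        # 32-bit Mach-O magic, both byte orders
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE  # 64-bit Mach-O magic, both byte orders
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
MH_PREBOUND = 0x10                                 # header flag meaning "this file is prebound"


def _layout(data):
    """Return (struct byte-order prefix, is_64bit, header_size) from the magic number."""
    magic = struct.unpack_from("<I", data, 0)[0]   # read little-endian; a swapped result means a big-endian file
    table = {MH_MAGIC: ("<", False), MH_CIGAM: (">", False),
             MH_MAGIC_64: ("<", True), MH_CIGAM_64: (">", True)}
    if magic not in table:
        raise ValueError("not a thin Mach-O file")
    endian, is64 = table[magic]
    return endian, is64, 32 if is64 else 28


def regions(data):
    """Map region name -> (start, end) file offsets: the header+load commands, then every section."""
    endian, is64, hdr = _layout(data)
    ncmds, sizeofcmds = struct.unpack_from(endian + "II", data, 16)
    out = {"header+load_commands": (0, hdr + sizeofcmds)}
    seg_fmt = "16s" + ("QQQQ" if is64 else "IIII")           # segname, vmaddr, vmsize, fileoff, filesize
    seg_len = 8 + struct.calcsize(endian + seg_fmt) + 16     # + cmd/cmdsize, + maxprot/initprot/nsects/flags
    sec_fmt = "16s16s" + ("QQIIIIIIII" if is64 else "IIIIIIIII")  # sectname, segname, addr, size, offset, ...
    sec_len = struct.calcsize(endian + sec_fmt)
    off = hdr
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from(endian + "II", data, off)
        if cmd in (LC_SEGMENT, LC_SEGMENT_64):
            segname = struct.unpack_from(endian + "16s", data, off + 8)[0].rstrip(b"\0").decode()
            nsects = struct.unpack_from(endian + "I", data, off + seg_len - 8)[0]
            for i in range(nsects):
                fields = struct.unpack_from(endian + sec_fmt, data, off + seg_len + i * sec_len)
                sectname, size, offset = fields[0].rstrip(b"\0").decode(), fields[3], fields[4]
                if size:
                    out[f"{segname},{sectname}"] = (offset, offset + size)
        off += cmdsize
    return out


def whole_file_digest(data):
    return hashlib.sha256(data).hexdigest()


def region_digests(data):
    return {name: hashlib.sha256(data[a:b]).hexdigest() for name, (a, b) in regions(data).items()}


def changed_regions(before, after):
    """Names of regions whose digest differs between two copies of the same binary."""
    d1, d2 = region_digests(before), region_digests(after)
    return sorted(name for name in d1 if d2.get(name) != d1[name])


def build_sample():
    """Constructed 32-bit little-endian Mach-O-shaped blob: one __text and one __la_symbol_ptr section."""
    blob = bytearray(0x300)
    text_sec = struct.pack("<16s16sIIIIIIIII", b"__text", b"__TEXT", 0x1180, 64, 0x180, 4, 0, 0, 0x80000400, 0, 0)
    text_seg = struct.pack("<II16sIIIIIIII", LC_SEGMENT, 56 + 68, b"__TEXT", 0x1000, 0x200, 0, 0x200, 7, 5, 1, 0)
    data_sec = struct.pack("<16s16sIIIIIIIII", b"__la_symbol_ptr", b"__DATA", 0x2000, 16, 0x200, 2, 0, 0, 7, 0, 0)
    data_seg = struct.pack("<II16sIIIIIIII", LC_SEGMENT, 56 + 68, b"__DATA", 0x2000, 0x100, 0x200, 0x100, 7, 3, 1, 0)
    cmds = text_seg + text_sec + data_seg + data_sec
    blob[0:28] = struct.pack("<IIIIIII", MH_MAGIC, 7, 3, 2, 2, len(cmds), 0)  # cputype 7 = i386, filetype 2 = execute
    blob[28:28 + len(cmds)] = cmds
    blob[0x180:0x1C0] = bytes(range(64))      # placeholder "code" bytes
    blob[0x200:0x210] = b"\0" * 16            # lazy symbol pointers, not yet bound
    return bytes(blob)


def simulate_prebinding(data):
    """Assumed shape of a prebinding rewrite: set MH_PREBOUND and fill the __DATA lazy pointers."""
    b = bytearray(data)
    struct.pack_into("<I", b, 24, struct.unpack_from("<I", b, 24)[0] | MH_PREBOUND)
    struct.pack_into("<IIII", b, 0x200, 0x90001000, 0x90001040, 0x90002000, 0x90002010)  # made-up addresses
    return bytes(b)


def simulate_tampering(data):
    """A one-byte patch inside __text, the change a defender actually cares about."""
    b = bytearray(data)
    b[0x190] ^= 0xFF
    return bytes(b)


if __name__ == "__main__":
    base = build_sample()
    print("after prebinding:", changed_regions(base, simulate_prebinding(base)))
    print("after tampering: ", changed_regions(base, simulate_tampering(base)))
```

Running it prints the two very different answers a per-section comparison gives: the prebinding-style rewrite touches only the header/load commands and __DATA, while the patched code shows up as a change in __TEXT,__text alone. On a real binary the __TEXT *segment* starts at file offset 0 and contains the header and load commands, so hashing whole segments would not separate the two cases; sections are the right unit. This narrows triage, it does not replace a signature over the code.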

One response to “Prebinding makes OSX less secure”

  1. Only that it wasn't Rosyna who pointed it out, but Avi Drissman, as said in the blog.