Sometimes, when one is installing a programme, a dialogue box will appear asking for an administrator password to allow the installer to ‘make changes’. That seems fine, but wouldn’t it be easy for an installer to fake this and send the password back to the author (and the IP etc.)? Is there a way to make sure this dialogue box is indeed from the OS? (And see what exactly is being allowed?)
1 Answer
3
I just wrote this AppleScript that tests if:
- SecurityAgent is running.
- SecurityAgent is displaying something.
- SecurityAgent lives at the correct location.
- SecurityAgent is unmodified, meaning code signature is undamaged.
```applescript
tell application "System Events"
	set processList to get the name of every process
	set saWindows to {}
	if processList contains "SecurityAgent" then -- does it run?
		set saPath to POSIX path of application file of application process "SecurityAgent"
		if saPath is not "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle" then -- assume this location is protected enough to be genuine
			tell application "Finder" to display dialog "There is a SecurityAgent, but it's the wrong one!" with icon stop buttons {"OK"}
			return
		end if
		try -- is the signature intact? (-v verifies it; -d would only display it)
			set saSignature to do shell script "codesign -v /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent"
		on error
			tell application "Finder" to display dialog "Signature broken!" with icon stop buttons {"OK"}
			return
		end try
		set saWindows to every window of application process "SecurityAgent"
	end if
	if saWindows is {} then -- does it display a dialog?
		tell application "Finder" to display dialog "No official password dialog is opened." buttons {"OK"} with icon stop
		return
	end if
end tell
display dialog "Seems legit." with icon note buttons {"OK"}
```

bot47
- 7,742
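The same checks as a shell sketch, added here as an example and not part of the answer above. It also pins the signature to Apple's own anchor with `-R="anchor apple"`, since a plain verify accepts any internally consistent signature, including an ad hoc one. The function names and the `CODESIGN` override are hypothetical, and it assumes `ps -axo comm=` prints full executable paths, as it does on macOS.

```shell
#!/bin/sh
# Added example, not the answer author's code.
# Bundle path taken from the AppleScript in the answer.
EXPECTED_BUNDLE="/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle"
# Hypothetical override so the logic can be exercised off a Mac.
: "${CODESIGN:=codesign}"

# Print the executable path of every running process named SecurityAgent.
# Assumption: on macOS, "comm" holds the full path of the executable.
running_agent_paths() {
    ps -axo comm= | grep '/SecurityAgent$'
}

# classify_agent EXEC_PATH
# Prints genuine | wrong-location | bad-signature; returns 0 only for genuine.
classify_agent() {
    case "$1" in
        "$EXPECTED_BUNDLE"/Contents/MacOS/SecurityAgent) ;;
        *) echo "wrong-location"; return 1 ;;
    esac
    # --verify checks integrity; -R additionally requires an Apple-anchored chain.
    if "$CODESIGN" --verify --strict -R="anchor apple" "$EXPECTED_BUNDLE" >/dev/null 2>&1; then
        echo "genuine"
    else
        echo "bad-signature"; return 2
    fi
}

# check_all: read executable paths on stdin, print one verdict per path.
# Returns 3 if nothing was running, 1 if any path failed, 0 otherwise.
check_all() {
    seen=0
    bad=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        seen=1
        verdict=$(classify_agent "$p") || bad=1
        echo "$verdict: $p"
    done
    [ "$seen" -eq 1 ] || { echo "no-agent-running"; return 3; }
    return "$bad"
}

# Usage on a Mac while the password dialog is open:
#   running_agent_paths | check_all
```

A lookalike process named SecurityAgent running from any other directory is reported as `wrong-location`, even while the genuine one is running alongside it.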