by withinrafael 2512 days ago
Developers on Windows, in this scenario, can generate a catalog of all files in their app and sign that/verify that at runtime [1], negating the need to rely on upstream to incorporate signature support into the asar file spec. There may be workable equivalents on macOS and Linux.

[1] https://docs.microsoft.com/en-us/windows-hardware/drivers/in...

But this will all be in vain if the attacker scenario includes unfettered file-system access. (They can modify the app to not perform these checks, for example.)
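The catalog approach described in the comment above, sketched with the built-in Windows PowerShell cmdlets. This is an added example, not part of the original comment; the paths, the function names and the pinned thumbprint are placeholders chosen for illustration.

```powershell
# Placeholders (assumptions, not values from the thread).
$AppDir      = 'C:\Program Files\ExampleApp\resources'  # folder holding app.asar and related files
$CatalogPath = 'C:\Program Files\ExampleApp\app.cat'    # kept outside $AppDir so it is not catalogued itself
$PinnedThumb = '<PUBLISHER-CERT-THUMBPRINT>'            # thumbprint of the publisher's signing certificate

# Build time: hash every file under $AppDir into a catalog, then sign the catalog.
function Publish-AppCatalog {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # CatalogVersion 2 records SHA-256 hashes.
    New-FileCatalog -Path $AppDir -CatalogFilePath $CatalogPath -CatalogVersion 2 | Out-Null
    Set-AuthenticodeSignature -FilePath $CatalogPath -Certificate $Certificate -HashAlgorithm SHA256
}

# Run time: trust the catalog only if its signature is valid AND comes from the
# pinned publisher, then compare the files on disk against the catalog.
function Test-AppIntegrity {
    if (-not (Test-Path -LiteralPath $CatalogPath)) {
        return $false                                   # missing catalog is a failure, not a skip
    }
    $sig = Get-AuthenticodeSignature -FilePath $CatalogPath
    if ($sig.Status -ne 'Valid') {
        return $false                                   # unsigned, tampered or untrusted catalog
    }
    if ($sig.SignerCertificate.Thumbprint -ne $PinnedThumb) {
        return $false                                   # validly signed, but by someone else
    }
    # Fails if any file was changed, added or removed since the catalog was built.
    $status = Test-FileCatalog -Path $AppDir -CatalogFilePath $CatalogPath
    return ($status -eq 'Valid')
}

if (-not (Test-AppIntegrity)) {
    Write-Error 'Application files do not match the signed catalog.'
    exit 1
}
```

Pinning the thumbprint matters because a valid signature alone only proves that some trusted certificate signed the catalog. The check itself lives on the same disk as the files it protects, which is the limitation the comment's last paragraph points out.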