by seandougall 2512 days ago
> For macOS for example, all resources (including ASAR files) are signed, and macOS makes it intentionally difficult to install anything that isn't signed.

I just tried this with Slack on macOS, and it launched without a single complaint about code signing. It would appear that either the ASAR files are not included in the signature, or the OS doesn't check the entire application bundle on every launch.

(Edit: That said, I needed sudo to do the mod in the first place, so I'm not about to start panicking about this as an attack vector.)

(Edit 2: As 'marshallofsound pointed out below and elsewhere, it is the latter case; the OS doesn't check the entire bundle on every launch. Which makes sense, and also means TFA is not really about Electron at all.)

1 comments

Hi, Electron maintainer here. I explained how Gatekeeper and ASAR validation play in with macOS codesigning here --> https://news.ycombinator.com/item?id=20637791