← Back to context Comment by masfuerte 10 hours ago Then what stops the malware accessing the keyring? 2 comments masfuerte Reply mxey 5 hours ago On disk, it’s encrypted. The running service, at least on macOS, only hands the item out to specific apps, based on their code signing identity. ElectricalUnion 2 hours ago Who signs an "app" when I download it from Homebrew?If all Homebrew "apps" are the same key then accepting a keyring notification on one app is a lost cause at it would allows things vulnerable to RCE to read/write everything?
mxey 5 hours ago On disk, it’s encrypted. The running service, at least on macOS, only hands the item out to specific apps, based on their code signing identity. ElectricalUnion 2 hours ago Who signs an "app" when I download it from Homebrew?If all Homebrew "apps" are the same key then accepting a keyring notification on one app is a lost cause at it would allows things vulnerable to RCE to read/write everything?
ElectricalUnion 2 hours ago Who signs an "app" when I download it from Homebrew?If all Homebrew "apps" are the same key then accepting a keyring notification on one app is a lost cause at it would allows things vulnerable to RCE to read/write everything?
On disk, it’s encrypted. The running service, at least on macOS, only hands the item out to specific apps, based on their code signing identity.
Who signs an "app" when I download it from Homebrew?
If all Homebrew "apps" are the same key then accepting a keyring notification on one app is a lost cause at it would allows things vulnerable to RCE to read/write everything?