{"id":9755,"date":"2014-10-08T10:26:11","date_gmt":"2014-10-08T14:26:11","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=9755"},"modified":"2014-10-08T10:52:32","modified_gmt":"2014-10-08T14:52:32","slug":"gatekeepers-cdhash-whitelist","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2014\/10\/08\/gatekeepers-cdhash-whitelist\/","title":{"rendered":"Gatekeeper’s CDHash Whitelist"},"content":{"rendered":"

Daniel Jalkut<\/a> has solved the “accepted cdhash” mystery<\/a> with Mac OS X 10.9.5’s Gatekeeper<\/a>:<\/p>\n

My suspicion is that in the run-up to the major changes Apple has made to Gatekeeper, they painstakingly accumulated a list of 36215 “trusted” hashes and deposited them on everybody’s Mac so that the effect of 10.9.5’s stricter code signing checks would be mitigated.<\/p>\n

[…]<\/p>\n

This whitelist offers a significant amount of explanation as to why some apps are allowed to launch without issue on 10.9.5 and 10.10.<\/p><\/blockquote>\n

Edward Marczak<\/a>:<\/p>\n

10.9.4 ran an agent that uploaded these to Apple. That’s where they get the mass hash list from.<\/p><\/blockquote>\n

Daniel Jalkut<\/a>:<\/p>\n

Everybody has to start signing with the modern code-signing infrastructure. In the interim, there’s a good chance your app has been whitelisted to operate as usual during the transition, but that courtesy will probably not extend to your next release.<\/p><\/blockquote>\n

Really poor communication from Apple here, but probably the right technical solution.<\/p>","protected":false},"excerpt":{"rendered":"

Daniel Jalkut has solved the “accepted cdhash” mystery with Mac OS X 10.9.5’s Gatekeeper: My suspicion is that in the run-up to the major changes Apple has made to Gatekeeper, they painstakingly accumulated a list of 36215 “trusted” hashes and deposited them on everybody’s Mac so that the effect of 10.9.5’s stricter code signing checks […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[466,465,30,903,475],"class_list":["post-9755","post","type-post","status-publish","format-standard","hentry","category-technology","tag-codesigning","tag-gatekeeper","tag-mac","tag-mac-os-x-10-10-yosemite","tag-mavericks"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/9755","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=9755"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/9755\/revisions"}],"predecessor-version":[{"id":9761,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/9755\/revisions\/9761"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=9755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=9755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=9755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}