Unsigned Executable Muddies Water on Security Investigations

GreyMane
New member | Level 2

On Mac, an unsigned executable can muddy the water on security investigations.
/Library/DropboxHelperTools/Dropbox_u501/dbkextd
Whereas unsigned executables are a big attack vector for Mac, anything that is in here could be the source of an experienced security event. All legitimate software installed by a legitimate company should be signed to avoid this delay. Signing it would make it not appear suspicious in an investigation and save security incident responders precious moments. Being unsigned could also allude to the executable having been tampered with. If there is a signed version in the original files and the unsigned version exists in the system, then that is a far simpler check than trying to reverse engineer the suspected unsigned executable to see what might have been wrapped into it. Long story short, signing all your files for your app makes our lives in security a lot less frustrating.

2 Replies

radical_exponent
Dropbox Engineer

Hi @GreyMane,

Can you clarify what you're using to check the signature? My understanding is that that binary is and always has been code signed by Dropbox.

GreyMane
New member | Level 2

No, you are exactly correct. Apologies, it is a false positive in our Etre tool. I will raise the issue with them!

Executable=/Library/DropboxHelperTools/Dropbox_u501/dbkextd
Identifier=com.getdropbox.dropbox.dbkextd
Format=Mach-O thin (arm64)
CodeDirectory v=20500 size=906 flags=0x10000(runtime) hashes=22+2 location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=852736
Hash type=sha256 size=32
CandidateCDHash sha256=9d60b9eca42a1e70d88b44e403610ac477d4f239
CandidateCDHashFull sha256=9d60b9eca42a1e70d88b44e403610ac477d4f239665d9883084cf637ea789e7e
Hash choices=sha256
CMSDigest=9d60b9eca42a1e70d88b44e403610ac477d4f239665d9883084cf637ea789e7e
CMSDigestType=2
Page size=4096
CDHash=9d60b9eca42a1e70d88b44e403610ac477d4f239
Signature size=8996
Authority=Developer ID Application: Dropbox, Inc. (G7HH3F8CAK)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 9, 2024 at 6:09:49 AM
Info.plist entries=14
TeamIdentifier=G7HH3F8CAK
Runtime Version=13.3.0
Sealed Resources=none
Internal requirements count=1 size=192
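
As an added example (not written by anyone in this thread and not Dropbox's code), the shell function below classifies a `codesign -dvvv` report like the one posted above, so an unsigned or ad-hoc result is separated from a Developer ID signature by the expected team. The function name, the verdict strings and the two constructed reports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a `codesign -dvvv` report read from stdin.
# On a Mac the report is written to stderr, so pipe it in with:
#   codesign -dvvv "$path" 2>&1 | check_signing_report G7HH3F8CAK
# Prints one verdict; returns 0 only when the Developer ID leaf, the
# TeamIdentifier and the Apple root all match the expected team.
check_signing_report() {
    awk -v want="$1" '
        /code object is not signed at all/ { unsigned = 1 }
        /^Signature=adhoc/                 { adhoc = 1 }
        /^Authority=/                      { chain[++n] = substr($0, 11) }
        /^TeamIdentifier=/                 { team = substr($0, 16) }
        END {
            # The first Authority line is the leaf (signing) certificate.
            suffix = "(" want ")"
            leaf = (n > 0) ? chain[1] : ""
            tail = substr(leaf, length(leaf) - length(suffix) + 1)
            leaf_ok = (index(leaf, "Developer ID Application: ") == 1 && tail == suffix)
            if (unsigned)                         verdict = "UNSIGNED"
            else if (adhoc)                       verdict = "ADHOC"
            else if (n == 0)                      verdict = "NO_AUTHORITY_CHAIN"
            else if (chain[n] != "Apple Root CA") verdict = "UNEXPECTED_ROOT"
            else if (team != want)                verdict = "TEAM_MISMATCH team=" team
            else if (!leaf_ok)                    verdict = "LEAF_MISMATCH"
            else                                  verdict = "OK team=" team
            print verdict
            exit ((verdict ~ /^OK/) ? 0 : 2)
        }'
}

# Lines copied from the report posted in this thread.
SAMPLE_REPORT='Executable=/Library/DropboxHelperTools/Dropbox_u501/dbkextd
Identifier=com.getdropbox.dropbox.dbkextd
Authority=Developer ID Application: Dropbox, Inc. (G7HH3F8CAK)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=G7HH3F8CAK'

# Constructed samples of the two cases an investigator would escalate.
ADHOC_REPORT='Executable=/tmp/example
Signature=adhoc
TeamIdentifier=not set'
UNSIGNED_REPORT='/tmp/example: code object is not signed at all'

printf '%s\n' "$SAMPLE_REPORT" | check_signing_report G7HH3F8CAK
```

This only reads the fields that codesign displays; whether the signature actually validates is a separate `codesign --verify --strict` run on the same path.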