Blog

Leopard Firewall + Code Signing Breaks Skype (And Other Applications)

By Rich

I’m almost done with my deeper review of the firewall, but discovered something ugly in the process of podcasting and firewall testing.

If you enable the firewall in the “Set access for specific services and applications” mode, Leopard digitally signs applications on launch that aren’t already signed via Apple’s mechanism.

If that application happens to change during runtime, as Skype seems to, the signature no longer matches and the application won’t run. There are no dialogs or warnings- the icon just dances on the dock for a few bounces then disappears.

I went to podcast last night and had this happen. Reinstalling it fixed the problem, but then it hit again today. I looked in my console and saw the following:

Nov 1 16:09:34 CrashBook [0x0-0x27027].com.skype.skype[387]: Check 1 failed. Can’t run Skype

Googling that error returns some threads in Skype forums that indicate this is a known issue related to the firewall and code signing.

A reinstall fixes it, but this is, obviously, a bit of a problem.

I’m somewhat surprised this hasn’t made the rounds yet.

No Related Posts
Comments

Barry is a funny guy, why not go around his zone. <a >dofus power leveling</a>

By nasri


[...] Originally Posted by analogika   Maybe I’‘m being stupid, but what the hell does keeping the port for Skype open in the firewall by default (by designating Skype an "essential service") have to do with code signing?  Leopard Firewall + Code Signing Breaks Skype (And Other Applications) | securosis.com [...]

By 10.5.1 firewall and Skype - MacNN Forums


[...] + rand + ‘’?" type="text/javascript">x3C/script>’‘); Mogull traced the issue to the firewall’s (application security) code signing features. Leopard signs [...]

By Mac OS X firewall blocks Skype and online gamers -


[...] traced the issue to the firewall’s (application security) code signing features. Leopard signs [...]

By Mac OS X firewall blocks Skype and online gamers |


[...] Když opomineme vypnutý firewall, je s firewallem ještě jeden signifikantní problém. Skype. Když si firewall zapnete (System Preferences - Security) a nemáte nastaveno Allow all incoming connections a používáte Skype, dojde za nějakou dobu k nepříjemné události: Skype odmítne fungovat. Na chvíli pomůže reinstalace, po nějaké další blíže nejisté době nepomůže ani ta. Securosis.com [...]

By Marigold.cz » Co u Leopardu zasmrádlo


[...] über eine nachlässige Standardeinstellung hinaus. Der IT-Sicherheitsberater Rich Mogull beschreibt in seinem Blog, dass eine einmal aktivierte Leopard-Firewall auf dem Mac installierte Programme beschädigen [...]

By Apple schlampt bei der Sicherheit


[...] because the application’s checksum would no longer match the checksum in the signature.) If the application changes itself while running, as Skype does (and as some other applications do too), it won’t match the signature the next [...]

By ippimail.com » Blog Archive » Leopard


[...] because the application’s checksum would no longer match the checksum in the signature.) If the application changes itself while running, as Skype does (and as some other applications do too), it won’t match the signature the next [...]

By Leopard Firewall Takes One Step Forward


[...] startet unter Mac OS X «Leopard» nur einmal, wenn man die «Leopard»-Firewall mit der Konfiguration «Zugriff auf bestimmte Dienste und Programme» festlegen…. Das Problem besteht im Grundsatz darin, dass die «Leopard»-Firewall feststellt, dass sich die [...]

By MacMacken » World of Warcraft mit «Leopard


I posted an entry on my blog regarding this issue yesterday. Apparently, this Leopard firewall also breaks World of Warcraft and prevents it from running properly.

By Jason


If you like to leave comments, and aren’t a spammer, register for the site and email us at info@securosis.com and we’ll turn off moderation for your account.