Apple just released an update to Leopard, version 10.5.1.
The support document says the following:
Addresses a code signing issue; third-party applications can now run when included in the Application Firewall or when whitelisted in Parental Controls. In Security preferences’ Firewall tab, the “Block All” option is now called “Allow Only essential services”
Well, I suppose that’s some kind of progress. At least it’s labelled accurately. I’ve been really slammed this week, but Chris and I should have the instructions for using WaterRoof in combination with our template
ipfw rule set and the Application Firewall soon (hopefully today).
I’ve tested the update and the application firewall still signs applications, but instead of just failing to launch modified applications, we’re now prompted to allow access manually again if they change. Code signing can be rough because of issues like this, and I think the prompt is a reasonable solution. However, I would prefer it to say, “This application has been modified since its last use; please click to allow network access” so we know that it’s a real change to the application and not just a random prompt to approve again.
In a separate document, Apple details some additional security updates to the application firewall. Most notably, the firewall will now block processes running as
root if you specify them in the application firewall.
Based on these updates I’m now running the application firewall with
ipfw, and will try and get those instructions posted soon.
Not that any of this matters much since there are no network attacks on Macs in the wild right now, but we all know that can’t last…