Login  |  Register  |  Contact

Leopard Firewall + Code Signing Breaks Skype (And Other Applications)

I’m almost done with my deeper review of the firewall, but discovered something ugly in the process of podcasting and firewall testing.

If you enable the firewall in the “Set access for specific services and applications” mode, Leopard digitally signs applications on launch that aren’t already signed via Apple’s mechanism.

If that application happens to change during runtime, as Skype seems to, the signature no longer matches and the application won’t run. There are no dialogs or warnings- the icon just dances on the dock for a few bounces then disappears.

I went to podcast last night and had this happen. Reinstalling it fixed the problem, but then it hit again today. I looked in my console and saw the following:

Nov 1 16:09:34 CrashBook [0x0-0x27027].com.skype.skype[387]: Check 1 failed. Can’t run Skype

Googling that error returns some threads in Skype forums that indicate this is a known issue related to the firewall and code signing.

A reinstall fixes it, but this is, obviously, a bit of a problem.

I’m somewhat surprised this hasn’t made the rounds yet.

—Rich

No Related Posts
Previous entry: Network Security Podcast, Episode 82: The Scary Halloween/Mac Episode | | Next entry: Investigating the Leopard Firewall

Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

By David Grob  on  11/01  at  11:58 AM

It has already made rounds, at least in German Mac forums, German blogs (e.g. MacHackers by the CCC) and in German blogs (e.g. MacMacken, see http://www.macmacken.com/2007/10/27/skype-mit-leopard-macken/).

By rmogull  on  11/01  at  12:01 PM

Funny how it hasn’‘t spread more, I’‘ll be shocked if a lot of people haven’‘t been dealing with this for a while.

By David Grob  on  11/01  at  12:09 PM

It seems that not all Skype users face the above-described problem, probably depending on the firewall configuration or the way they installed/updated to Mac OS X 10.5. In addition, Skype doesn’‘t seem to be that important for Mac users ...

By rmogull  on  11/01  at  12:11 PM

It’s only if you use the firewall in application control mode when Skype is launched. Allow all or block all don’‘t have the same effect.

By Jake  on  11/01  at  04:39 PM

I’‘ve had this problem with either and upgrade or a clean install.

By John  on  11/01  at  07:22 PM

Skype obviously has several anti-reversing mechanisms within it, primarily code packing.
I wouldn’‘t have thought a packer would break the signing mechanism though, unless it’s modifying the file on disk (i dont know why it would?) The other reason, and slghtly more interesting explaination might be that apple is validating the application’s signature in memory? This might also stop some code injection tricks that the matasano boys were talking about.

By Jason  on  11/02  at  07:12 AM

I posted an entry on my blog regarding this issue yesterday. Apparently, this Leopard firewall also breaks World of Warcraft and prevents it from running properly.

By MacMacken » World of Warcraft mit «Leopard  on  11/03  at  12:46 AM

[...] startet unter Mac OS X «Leopard» nur einmal, wenn man die «Leopard»-Firewall mit der Konfiguration «Zugriff auf bestimmte Dienste und Programme» festlegen…. Das Problem besteht im Grundsatz darin, dass die «Leopard»-Firewall feststellt, dass sich die [...]

By Leopard Firewall Takes One Step Forward  on  11/05  at  08:56 AM

[...] because the application’s checksum would no longer match the checksum in the signature.) If the application changes itself while running, as Skype does (and as some other applications do too), it won’t match the signature the next [...]

By ippimail.com » Blog Archive » Leopard  on  11/05  at  08:58 AM

[...] because the application’s checksum would no longer match the checksum in the signature.) If the application changes itself while running, as Skype does (and as some other applications do too), it won’t match the signature the next [...]

By Apple schlampt bei der Sicherheit  on  11/05  at  09:05 PM

[...] über eine nachlässige Standardeinstellung hinaus. Der IT-Sicherheitsberater Rich Mogull beschreibt in seinem Blog, dass eine einmal aktivierte Leopard-Firewall auf dem Mac installierte Programme beschädigen [...]

By Marigold.cz » Co u Leopardu zasmrádlo  on  11/06  at  07:14 PM

[...] Když opomineme vypnutý firewall, je s firewallem ještě jeden signifikantní problém. Skype. Když si firewall zapnete (System Preferences - Security) a nemáte nastaveno Allow all incoming connections a používáte Skype, dojde za nějakou dobu k nepříjemné události: Skype odmítne fungovat. Na chvíli pomůže reinstalace, po nějaké další blíže nejisté době nepomůže ani ta. Securosis.com [...]

By Mac OS X firewall blocks Skype and online gamers |  on  11/06  at  10:00 PM

[...] traced the issue to the firewall’s (application security) code signing features. Leopard signs [...]

By Mac OS X firewall blocks Skype and online gamers -  on  11/07  at  03:20 AM

[...] + rand + ‘’?" type="text/javascript">x3C/script>’‘); Mogull traced the issue to the firewall’s (application security) code signing features. Leopard signs [...]

By 10.5.1 firewall and Skype - MacNN Forums  on  11/16  at  09:58 AM

[...] Originally Posted by analogika   Maybe I’‘m being stupid, but what the hell does keeping the port for Skype open in the firewall by default (by designating Skype an "essential service") have to do with code signing?  Leopard Firewall + Code Signing Breaks Skype (And Other Applications) | securosis.com [...]

By nasri  on  06/03  at  06:32 AM

Barry is a funny guy, why not go around his zone. <a >dofus power leveling</a>

Name:

Email:

Remember my personal information

Notify me of follow-up comments?