On Tue, Nov 13, 2007, Brian Campbell wrote:
>On Nov 13, 2007, at 6:23 PM, Andrew J. Hesford wrote:
>
>>I can confirm this behavior. The checksum changes when you have the
>>application firewall enabled. When it asks you if you want to allow
>>connections, it seems that Apple fools with the server, and that
>>changes the checksum. My checksum matches Ben's before X11 is run,
>>and even after X11 is run when I have disabled the firewall.
>>However, my checksum changes to 943707... (the same reported) when
>>the firewall is enabled and I run X11.
>
>Ah, that's right. codesign -dvvvv /usr/X11/bin/Xquartz reports that
>the OS has added an ad-hoc signature to the executable. That allows
>the firewall to make sure that the application hasn't changed since
>you gave it permission to connect to the network.
There was an article on this on infoworld this week that pointed
out that this causes problems with the firewall when updating
software as the signature changes so network access is denyed.
Personally I don't like this type of thing as it can cause
problems with software verification and intrusion detection
systems that look for changes in binaries (I disable Red Hat
and CentOS Linux prelink function that's supposed to make things
faster, but renders ``rpm --verify'' worthless).
Bill
--
INTERNET: email@hidden Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
You need only reflect that one of the best ways to get yourself a
reputation as a dangerous citizen these days is to go about repeating
the very phrases which our founding fathers used in the struggle for
independence. -- Charles A. Beard
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/x11-users/email@hidden
This email sent to email@hidden
