Re: launch agent and firewall
- Subject: Re: launch agent and firewall
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Mon, 14 Sep 2015 20:44:21 +0100
On 14 Sep 2015, at 19:06, Nick <email@hidden> wrote:
> Yes, my code is listening to incoming connections, however I do not own that code - I just embedded a web server into my app, thus I am not the one who binds/listens to a socket and accepts connections - so I cannot delegate this to launchd.
In my experience it's relatively simple to cut the head off such code and wire it up to a launchd-based listening socket. The advantage of that approach is that you get launch on demand support.
> I would assume that once the app has been allowed with the firewall, the system could calculate the binary's hash/checksum, so the next time the firewall wants to pop up an alert, it would recalculate the checksum and compare the result with what it has in its database already, check whether the checksum (and therefore the binary) has changed since or not, and based on that pop up an alert or just allow/block the connection.
Back in the days things worked that way for the firewall, and I believe things still work that way for the keychain. However, code signing has become sufficiently widespread on OS X that I wouldn't be surprised if the legacy support has fallen by the wayside.
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
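
The approach described in the reply above, as an added example that is not part of the original message or of any Apple sample code: the accept loop of an embedded server takes a listening socket it did not create, and that socket comes from launchd via `launch_activate_socket()`. The function names, the socket name "Listener" (it must match a key in the job's `Sockets` dictionary) and the loopback fallback for runs outside launchd are assumptions made for this sketch.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef __APPLE__
#include <launch.h> /* launch_activate_socket(), OS X 10.9 and later */
#endif

/* Under launchd: the socket `name` from the job's Sockets dictionary.
 * Otherwise (development run, non-Apple build): self-bound 127.0.0.1:port. */
int get_listener(const char *name, unsigned short port) {
    (void)name; /* unused when not built for macOS */
#ifdef __APPLE__
    int *fds = NULL; size_t cnt = 0;
    if (launch_activate_socket(name, &fds, &cnt) == 0) {
        int lfd = cnt > 0 ? fds[0] : -1;
        for (size_t i = 1; i < cnt; i++) close(fds[i]); /* keep the first only */
        free(fds);
        if (lfd >= 0) return lfd;
    }
#endif
    struct sockaddr_in a; memset(&a, 0, sizeof a);
    a.sin_family = AF_INET; a.sin_port = htons(port); a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 || listen(fd, 8) < 0) { close(fd); return -1; }
    return fd;
}
/* The "headless" server core: accepts on a socket it did not create. */
int serve_one(int listen_fd, const char *reply) {
    int c = accept(listen_fd, NULL, NULL);
    if (c < 0) return -1;
    ssize_t n = write(c, reply, strlen(reply));
    close(c);
    return n == (ssize_t)strlen(reply) ? 0 : -1;
}
/* Constructed self-check: connect, serve one request, read the reply back. */
int loopback_roundtrip(const char *reply, char *out, size_t outsz) {
    struct sockaddr_in a; socklen_t al = sizeof a; ssize_t n = -1;
    int l = get_listener("Listener", 0), c = socket(AF_INET, SOCK_STREAM, 0);
    if (l >= 0 && c >= 0 && getsockname(l, (struct sockaddr *)&a, &al) == 0 &&
        connect(c, (struct sockaddr *)&a, al) == 0 && serve_one(l, reply) == 0)
        n = read(c, out, outsz - 1);
    if (n >= 0) out[n] = '\0';
    if (c >= 0) close(c); if (l >= 0) close(l);
    return (int)n;
}
```

When the job is started by launchd, the process never calls `bind()` or `listen()` itself, which is what makes launch on demand possible.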