• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: announcing Xquartz release 1.2a9
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: announcing Xquartz release 1.2a9

  • Subject: Re: announcing Xquartz release 1.2a9
  • From: Bill Campbell <email@hidden>
  • Date: Tue, 13 Nov 2007 20:42:52 -0800
  • Mail-followup-to: email@hidden
On Tue, Nov 13, 2007, Brian Campbell wrote:
>On Nov 13, 2007, at 6:23 PM, Andrew J. Hesford wrote:
>
>>I can confirm this behavior. The checksum changes when you have the
>>application firewall enabled. When it asks you if you want to allow
>>connections, it seems that Apple fools with the server, and that
>>changes the checksum. My checksum matches Ben's before X11 is run,
>>and even after X11 is run when I have disabled the firewall.
>>However, my checksum changes to 943707... (the same reported) when
>>the firewall is enabled and I run X11.
>
>Ah, that's right. codesign -dvvvv /usr/X11/bin/Xquartz reports that
>the OS has added an ad-hoc signature to the executable. That allows
>the firewall to make sure that the application hasn't changed since
>you gave it permission to connect to the network.

There was an article on this on infoworld this week that pointed
out that this causes problems with the firewall when updating
software as the signature changes so network access is denyed.

Personally I don't like this type of thing as it can cause
problems with software verification and intrusion detection
systems that look for changes in binaries (I disable Red Hat
and CentOS Linux prelink function that's supposed to make things
faster, but renders ``rpm --verify'' worthless).

Bill
--
INTERNET:   email@hidden  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

You need only reflect that one of the best ways to get yourself a
reputation as a dangerous citizen these days is to go about repeating
the very phrases which our founding fathers used in the struggle for
independence.  -- Charles A. Beard
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list      (email@hidden)

This email sent to email@hidden
References: 
 >Re: announcing Xquartz release 1.2a9 (From: email@hidden (Stefan Haller))
 >Re: announcing Xquartz release 1.2a9 (From: Jamie Kennea <email@hidden>)
 >Re: announcing Xquartz release 1.2a9 (From: Ben Byer <email@hidden>)
 >Re: announcing Xquartz release 1.2a9 (From: Brian Campbell <email@hidden>)
 >Re: announcing Xquartz release 1.2a9 (From: "Andrew J. Hesford" <email@hidden>)
 >Re: announcing Xquartz release 1.2a9 (From: Brian Campbell <email@hidden>)

  • Prev by Date: Re: Eliminating the xterm
  • Next by Date: Re: Eliminating the xterm
  • Previous by thread: Re: announcing Xquartz release 1.2a9
  • Next by thread: Re: announcing Xquartz release 1.2a9
  • Index(es):
    • Date
    • Thread