Focus on Apple
Apple releases Mac OS X v10.5.1 with Application Firewall security updates Nov 15 2007 07:11PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Application Firewall security updates Nov 15 2007 08:08PM
Radoslav Dejanović (radoslav dejanovic opsus hr) (4 replies)
Re: Application Firewall security updates Nov 21 2007 03:00PM
Dave Piscitello (dave corecom com) (2 replies)
Re: Application Firewall security updates Nov 21 2007 09:27PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (3 replies)
Re: Application Firewall security updates Nov 22 2007 06:35PM
Derek Chesterfield (dez mac com)
Re: Application Firewall security updates Nov 22 2007 04:28PM
Bruce Carter (bcarter nd edu)
RE: Application Firewall security updates Nov 21 2007 10:43PM
Todd Woodward (todd_woodward symantec com)
Re: Application Firewall security updates Nov 21 2007 09:02PM
Chris Adams (chris improbable org)
Re: Application Firewall security updates Nov 16 2007 03:58AM
Mike Savory (mike_lists nzbox com)
RE: Application Firewall security updates Nov 15 2007 09:55PM
Todd Woodward (todd_woodward symantec com)
Re: Application Firewall security updates Nov 15 2007 09:51PM
Dave Schroeder (das doit wisc edu) (3 replies)
Re: Application Firewall security updates Nov 15 2007 11:36PM
Mark Senior (senatorfrog gmail com) (3 replies)
Re: Application Firewall security updates Nov 17 2007 02:54PM
Chris Pepper (pepper reppep com) (1 replies)
Re: Application Firewall security updates Nov 19 2007 12:59PM
Sandor Szücs (sszuecs zedat fu-berlin de)
Re: Application Firewall security updates Nov 16 2007 11:03AM
Radoslav Dejanović (radoslav dejanovic opsus hr) (2 replies)
Re: Application Firewall security updates Nov 16 2007 05:30PM
Mark Senior (senatorfrog gmail com)
Re: Application Firewall security updates Nov 16 2007 04:34PM
Derek Chesterfield (dez mac com) (1 replies)
Re: Application Firewall security updates Nov 17 2007 12:30AM
Mark Senior (senatorfrog gmail com)
Re: Application Firewall security updates Nov 16 2007 04:47AM
Derek Chesterfield (dez mac com) (2 replies)
Re: Application Firewall security updates Nov 16 2007 04:08PM
Scott Russell (ScottRussell nd edu)
Fwd: Application Firewall security updates Nov 16 2007 04:55AM
Derek Chesterfield (dez mac com)
Re: Application Firewall security updates Nov 15 2007 10:08PM
Radoslav Dejanović (radoslav dejanovic opsus hr)
Re: Application Firewall security updates Nov 15 2007 10:05PM
Dave Schroeder (das doit wisc edu)
On Nov 15, 2007, at 3:51 PM, Dave Schroeder wrote:

>> P.S. Application Layer Firewall, AFAIK, doesn't filter out programs
>> running with superuser privileges. That calls for trouble.
>
> Apple describes all of this very explicitly here:
>
> http://docs.info.apple.com/article.html?artnum=306938
>
> The 10.5.0 Application Firewall blocked all but:
>
> • Processes that are running as UID 0
> • mDNSResponder
>
> The 10.5.1 Application Firewall blocks all but:
>
> • configd, which implements DHCP and other network configuration
> services
> • mDNSResponder, which implements Bonjour
> • racoon, which implements IPSec
>
> So, while I haven't tested yet, it does NOT appear to allow all UID
> 0 processes, but rather only the above processes. If this is
> accurate, that concern is now moot.

And from <http://docs.info.apple.com/article.html?artnum=307004>:

> CVE-ID: CVE-2007-4703
>
> Available for: Mac OS X v10.5, Mac OS X Server v10.5
>
> Impact: Processes running as user "root" (UID 0) cannot be blocked
> when the firewall is set to "Set access for specific services and
> applications"
>
> Description: The "Set access for specific services and applications"
> setting for the Application Firewall allows any process running as
> user "root" (UID 0) to receive incoming connections, even if its
> executable is specifically added to the list of programs and its
> entry in the list is marked as "Block incoming connections". This
> could result in the unexpected exposure of network services. This
> update corrects the issue so that any executable so marked is
> blocked. This issue does not affect systems prior to Mac OS X v10.5.

Based on this, and the updates to <http://docs.info.apple.com/article.html?artnum=306938>
described in my last message, I'd say that several major issues
with the Application Firewall have been addressed. Namely, the
assertion that "Block all incoming connections" is misleading, and
always allowing access to all UID 0 applications, regardless of
explicit settings.

A lot of people weren't upset that Apple was making a judgment to
still allow things like, e.g., Bonjour, but that "Block all incoming
connections" didn't do just that. So they've tightened up the
implementation and clarified the user interface. And, "ipfw technology
is still accessible [...] and the Application Firewall does not
overrule rules set with ipfw; if ipfw blocks an incoming packet, the
Application Firewall will not process it."

- Dave
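The practical question behind this thread is which root-owned services on a 10.5 host are actually reachable from the network, and which of them fall under the three documented exemptions (configd, mDNSResponder, racoon). The following audit script is an added example, written for this page and not taken from the thread or from Apple's tooling. It parses the output of `lsof -nP +c 0 -i` (run as root so every process is visible), flags UID-0 listeners that are not on the exemption list, and emits ipfw deny rules for them, since the message above notes that ipfw is evaluated before the Application Firewall. The lsof sample is constructed, the column layout and the absence of spaces in command names are assumptions, and the ipfw rule numbering is an arbitrary choice.

```python
"""Audit a Mac OS X 10.5 host for root-owned network listeners.

Added example, not part of the original thread or of Apple's software.
Reads `lsof -nP +c 0 -i` output and classifies every bound socket by two
questions the thread raises: does the owning process run as root (UID 0),
and is it one of the three services Apple's 10.5.1 article lists as allowed
even under "Block all incoming connections"?
"""
from __future__ import annotations
from dataclasses import dataclass

# Processes Apple documents as exempt in 10.5.1, as they appear in lsof.
ALF_EXEMPT = {"configd", "mDNSResponder", "racoon"}


@dataclass(frozen=True)
class Listener:
    command: str
    pid: int
    user: str
    proto: str   # "TCP" or "UDP"
    addr: str    # bind address, "*" for INADDR_ANY
    port: str    # port number, or "*" for an unbound UDP socket

    @property
    def is_root(self) -> bool:
        return self.user in ("root", "0")

    @property
    def alf_exempt(self) -> bool:
        return self.command in ALF_EXEMPT


def parse_lsof(text: str) -> list[Listener]:
    """Extract listening/bound sockets from `lsof -nP +c 0 -i` output.

    Assumes the default column order (COMMAND PID USER FD TYPE DEVICE
    SIZE/OFF NODE NAME [STATE]) and command names without spaces.
    """
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 9 or parts[0] == "COMMAND":
            continue
        cmd, pid, user, node, name = parts[0], parts[1], parts[2], parts[7], parts[8]
        state = parts[9] if len(parts) > 9 else ""
        if node not in ("TCP", "UDP") or "->" in name:
            continue        # not an IP socket, or a connected peer rather than a listener
        if node == "TCP" and state != "(LISTEN)":
            continue        # only listening TCP sockets accept inbound connections
        addr, _, port = name.rpartition(":")
        listeners.append(Listener(cmd, int(pid), user, node, addr, port))
    return listeners


def root_listeners_not_exempt(listeners: list[Listener]) -> list[Listener]:
    """UID-0 listeners outside Apple's exemption list.

    Under 10.5.0 these were reachable regardless of the firewall setting
    (CVE-2007-4703); under 10.5.1 they follow the per-application rule, so
    each one should be deliberately allowed or blocked.
    """
    return [l for l in listeners if l.is_root and not l.alf_exempt]


def ipfw_deny_rules(listeners: list[Listener], start: int = 1000) -> list[str]:
    """Emit `ipfw add N deny ... in` rules for the given listeners.

    ipfw runs before the Application Firewall, so a packet denied here never
    reaches the application layer. Rule numbers start at `start` (arbitrary;
    choose numbers that fit the host's existing ruleset).
    """
    rules = []
    for n, l in enumerate(listeners, start):
        if l.port == "*":
            continue    # unbound UDP socket: no fixed port to match on
        rules.append(f"ipfw add {n} deny {l.proto.lower()} from any to any dst-port {l.port} in")
    return rules


# Constructed sample of `lsof -nP +c 0 -i` output on a 10.5 host (not captured
# from a real machine; DEVICE values are placeholders).
SAMPLE_LSOF = """\
COMMAND        PID           USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd          1           root   12u  IPv4 0x0000000000000001      0t0  TCP *:22 (LISTEN)
configd         27           root    8u  IPv4 0x0000000000000002      0t0  UDP *:68
mDNSResponder   29 _mdnsresponder    7u  IPv4 0x0000000000000003      0t0  UDP *:5353
racoon          44           root    5u  IPv4 0x0000000000000004      0t0  UDP *:500
httpd          120           root    4u  IPv6 0x0000000000000005      0t0  TCP *:80 (LISTEN)
Skype          301            das   22u  IPv4 0x0000000000000006      0t0  TCP *:5000 (LISTEN)
Skype          301            das   23u  IPv4 0x0000000000000007      0t0  TCP 192.168.1.5:49200->198.51.100.7:443 (ESTABLISHED)
"""

if __name__ == "__main__":
    found = parse_lsof(SAMPLE_LSOF)
    for l in found:
        tag = "exempt" if l.alf_exempt else ("ROOT, not exempt" if l.is_root else "user")
        print(f"{l.command:14} pid={l.pid:<5} user={l.user:15} {l.proto} {l.addr}:{l.port}  [{tag}]")
    for rule in ipfw_deny_rules(root_listeners_not_exempt(found)):
        print(rule)
```

On a real host, replace `SAMPLE_LSOF` with the captured output of `sudo lsof -nP +c 0 -i`; the "ROOT, not exempt" entries are the ones whose Application Firewall entry is worth checking explicitly after the 10.5.1 update, and the emitted ipfw rules give a layer that does not depend on that setting at all.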

Copyright 2010, SecurityFocus