Mac OS X Firewall problem due to code CHANGE

Report & discuss bugs found in SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
User avatar
Norbertus
Newbie
Newbie
Posts: 33
Joined: January 21st, 2011, 2:11 pm

Mac OS X Firewall problem due to code CHANGE

Post by Norbertus »

Version: 0.5.6
OS: Mac OS X 10.6.6
Install-type: OSx .app
Firewall Software: Mac OS X Firewall (System Preferences -> Security -> Firewall -> Advanced) with "Automatically allow signed software to receive incoming connections"
Is the issue reproducible? YES

Note: This bug only appears when using advanced firewall settings with a non-administrator user!

After removing the application quarantine:
(as administrator)

Code: Select all

~#  sudo xattr -d com.apple.quarantine /Applications/SABnzbd.app
I verified the code signature:

Code: Select all

~#  codesign -vv /Applications/SABnzbd.app
which says that all is ok.

After starting up SABnzbd after a reboot, Mac OS X requests permission to allow SABnzbd.app to accept incoming connections. This is odd, because I have already added an exception in the (advanced) firewall settings.

When checking the permissions and attributes of SABnzbd.app again, I find that all is ok, except when I verify the code signature again, I get the message:

Code: Select all

/Applications/SABnzbd.app: a sealed resource is missing or invalid
/Applications/SABnzbd.app/Contents/Resources/site.pyc: resource modified
When replacing the specific file site.pyc with the original, the firewall does not ask me for an exception, but the file appears to change every so often, which causes the firewall to ask for this exception.

Why does this file change, and is it not better (as a programming practice in general) to only change external files, i.e. not the application itself? It would benefit the stability and the trustworthiness of the application.

Please help/fix!
Top
User avatar
shypike
Administrator
Administrator
Posts: 19773
Joined: January 18th, 2008, 12:49 pm

Re: Mac OS X Firewall problem due to code CHANGE

Post by shypike »

The Python runtime must be changing this file, because it's part of the runtime.
For what reason, I don't know.
Is the problem gone when you remove write-permission from the file?
Top
User avatar
Norbertus
Newbie
Newbie
Posts: 33
Joined: January 21st, 2011, 2:11 pm

Re: Mac OS X Firewall problem due to code CHANGE

Post by Norbertus »

After restoring the original site.pyc and change in permissions:

Code: Select all

~#  sudo chown -R root:admin /Applications/SABnzbd.app
~#  sudo chmod a-w /Applications/SABnzbd.app
and rebooting, the codesign response is OK and no more requests for firewall permissions appear. Perhaps it is wise to use an installer for the next SABnzbd.app (OS X) release, run as administrator which makes sure these permissions are correct, not only to solve the firewall issue, but also to prevent code corruption.

I have not found any error or warning messages yet, but I'll find out this weekend if all works fine now.

Thanks for the quick response!

{UPDATE: 2011-01-23}
All seems to work fine now, without the firewall problems, or any crashes or system messages.  :)
Last edited by Norbertus on January 23rd, 2011, 8:36 am, edited 1 time in total.
Top
Post Reply

Return to “Bug Reports”