SABnzbd Forums


http://45.79.196.47/

Mac OS X Firewall problem due to code CHANGE

http://45.79.196.47/viewtopic.php?t=6092

Page 1 of 1

Mac OS X Firewall problem due to code CHANGE

Posted: January 21st, 2011, 2:34 pm
by Norbertus
Version: 0.5.6
OS: Mac OS X 10.6.6
Install-type: OSx .app
Firewall Software: Mac OS X Firewall (System Preferences -> Security -> Firewall -> Advanced) with "Automatically allow signed software to receive incoming connections"
Is the issue reproducible? YES

Note: This bug only appears when using advanced firewall settings with a non-administrator user!

After removing the application quarantine:
(as administrator)

Code: Select all

~#  sudo xattr -d com.apple.quarantine /Applications/SABnzbd.app
I verified the code signature:

Code: Select all

~#  codesign -vv /Applications/SABnzbd.app
which says that all is ok.

After starting up SABnzbd after a reboot, Mac OS X requests permission to allow SABnzbd.app to accept incoming connections. This is odd, because I have already added an exception in the (advanced) firewall settings.

When checking the permissions and attributes of SABnzbd.app again, I find that all is ok, except when I verify the code signature again, I get the message:

Code: Select all

/Applications/SABnzbd.app: a sealed resource is missing or invalid
/Applications/SABnzbd.app/Contents/Resources/site.pyc: resource modified
When replacing the specific file site.pyc with the original, the firewall does not ask me for an exception, but the file appears to change every so often, which causes the firewall to ask for this exception.

Why does this file change, and is it not better (as a programming practice in general) to only change external files, i.e. not the application itself? It would benefit the stability and the trustworthiness of the application.

Please help/fix!

Re: Mac OS X Firewall problem due to code CHANGE

Posted: January 21st, 2011, 2:39 pm
by shypike
The Python runtime must be changing this file, because it's part of the runtime.
For what reason, I don't know.
Is the problem gone when you remove write-permission from the file?

Re: Mac OS X Firewall problem due to code CHANGE

Posted: January 21st, 2011, 4:16 pm
by Norbertus
After restoring the original site.pyc and change in permissions:

Code: Select all

~#  sudo chown -R root:admin /Applications/SABnzbd.app
~#  sudo chmod a-w /Applications/SABnzbd.app
and rebooting, the codesign response is OK and no more requests for firewall permissions appear. Perhaps it is wise to use an installer for the next SABnzbd.app (OS X) release, run as administrator which makes sure these permissions are correct, not only to solve the firewall issue, but also to prevent code corruption.

I have not found any error or warning messages yet, but I'll find out this weekend if all works fine now.

Thanks for the quick response!

{UPDATE: 2011-01-23}
All seems to work fine now, without the firewall problems, or any crashes or system messages.  :)
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited