[GlowWorm FW v1.5.2b5]
Released date: 2007.01.30
Revision number: 1728
Download link: GlowWorm-1.5.2b5.dmg.zip
There was a long-standing issue in the Installer that prevented it from recognizing that
GlowWorm.framework needed to be updated. This bug did not affect new installations.
Started work on a new feature dubbed "process chains" for the time being. This
should provide a significantly greater level of control. The problem this should
address is as follows: if you use telnet on a regular
basis (ie, using it to make sure that your internet connection is alive, or that
some service on a remote machine is in fact listening on the correct
port), what permissions would you assign it in GlowWorm? Given the broad scope of possible
remote hosts, it would likely be a lengthy list of endpoints in the rule. Process chains
provides a possible alternative.
Beyond simply limiting telnet to being run by a specific user account or only allowing it to
connect to specific remote hosts, we want to limit access
based on the "chain" of parent processes leading up to the execution of telnet. For instance,
launchd is the parent of
WindowServer is the parent of
Terminal is the parent of
login is the parent of
bash is the parent of telnet.
With this kind of control, most attacks that allow for arbitrary code execution that subsequently
make use of common tools would be prevented. It is important to realize that this feature does
not necessarily have to pertain to network access at all. This can apply simply to file execution.
The backend feature set for supporting this is called FileOps, for the time being.
In support of this feature, the Application table in the edit-rule panel in Rule Editor has been
updated with a seemingly useles expand-triangle. With Process Chain support, one will be able
to specify a list of application for each entry in the table.
- Fixed an issue in Installer.app that caused upgrades to fail silently.
- Renamed the Process tab to User & Group in Rule Editor.
- Cleaned up the preference pane in Menubar.app.
- Added partial back-end support for process chains.
- Added GUI support for process chains in the Application tab of Rule Editor.
- Added potential fix for a redraw issue in the Rule Editor by forcing thread synchronization.