[GlowWorm FW v1.5.3b2]
Released date: 2007.02.21
Revision number: 1859
Download link: GlowWorm-1.5.3b2.dmg.zip
Although we all find the password dialogs annoying, they serve a very important purpose: they
keep non-root processes from doing things that they shouldn't be doing, unless you (an
Administrative user) authorize it. This same security model is used by GlowWorm to ensure that
not just any user may connect to the system and start modifying rules. Imagine, if you will,
a malicious program designed specifically to thwart GlowWorm and other software-based firewalls.
If you can start GlowWorm.app and modify rules (without being required to provide a password
first) or if you can start Menubar.app and authorize connection requests (also without being
required to provide a password first) then any trivial program could do the same. With this
release, an authorization system is now fully functioning, that prevents any access to rules
unless the process that is trying to access the rules is either owned by root, or has been
previously authorized by root.
At the behest of a user, Menubar.app now stores the "hide menubar icon" preference itself, so
that if you want to minimize the GlowWorm UI as much as possible, you can have Menubar.app
run at login, never show the menubar icon, and only have to type in your password once.
- Menubar.app now properly honors the "hide menubar icon" preference.
- Added support for explicit process authorization for unprivileged processes wishing to use rules.
- Fixed an issue where the wrong pid was being waitpid()'ed in GlowWorm::runAsRoot.
- Fixed an issue where the 'demo expired' dialog would appear every minute after demo expiration instead of just once.