[GlowWorm FW v1.5.3b2]

Released date: 2007.02.21

Revision number: 1859

Download link: GlowWorm-1.5.3b2.dmg.zip


   [Comments]

Although we all find the password dialogs annoying, they serve a very important purpose: they keep non-root processes from doing things that they shouldn't be doing, unless you (an Administrative user) authorize it. This same security model is used by GlowWorm to ensure that not just any user may connect to the system and start modifying rules. Imagine, if you will, a malicious program designed specifically to thwart GlowWorm and other software-based firewalls. If you can start GlowWorm.app and modify rules (without being required to provide a password first) or if you can start Menubar.app and authorize connection requests (also without being required to provide a password first) then any trivial program could do the same. With this release, an authorization system is now fully functioning, that prevents any access to rules unless the process that is trying to access the rules is either owned by root, or has been previously authorized by root.

At the behest of a user, Menubar.app now stores the "hide menubar icon" preference itself, so that if you want to minimize the GlowWorm UI as much as possible, you can have Menubar.app run at login, never show the menubar icon, and only have to type in your password once.


   [Changelog]

  • Menubar.app now properly honors the "hide menubar icon" preference.
  • Added support for explicit process authorization for unprivileged processes wishing to use rules.
  • Fixed an issue where the wrong pid was being waitpid()'ed in GlowWorm::runAsRoot.
  • Fixed an issue where the 'demo expired' dialog would appear every minute after demo expiration instead of just once.

© Symphonic Systems, 2006 All Rights Reserved