Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'LIFE - SAVE - ... ER' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
LIFE - SAVE - ... ER
Authored by: CoolerQ on Sep 30, '05 05:16:13PM

It's an obvious security hazard. Think about it!

If you can programatically allow Little Snitch connections (i.e. from the shell), so can malicious apps!

--Quentin



[ Reply to This | # ]
LIFE - SAVE - ... ER
Authored by: ratthing on Oct 02, '05 08:24:53AM

Which is why it would be better to use the built-in firewall and use the priviledge separation it provides, learning about that would take too much work. People use Little Snitch because it's "easy" and they don't understand that OS X already provides the same functionality.

Little Snitch is insecure were it to have a CLI because it runs as the user that is logged in and thus, requires no password to make configuration changes. If it ran as the priviledged user or another user, then you'd have to use sudo to change anything via the CLI.

Of course, in the "real world" you'd never be running your filewall from your workstation.

=RT=



[ Reply to This | # ]
LIFE - SAVE - ... ER
Authored by: xSmurf on Oct 02, '05 09:38:12AM

An update to this hint is coming up. I don't wanna say too much so far, but yes any app can just "programatically" add rules to LittleSnitch with little chances you know about it! Being easy to use is no excuse to a huge lack of security, actually I think it should be the opposite. If you don't know how to use ipfw and such, you probably don't realize how unsure LittleSnitch is, but it remains so!

---
Free iPods, now in Canada to! Get yours : http://tinyurl.com/75yta

PM G4 DP 800 / 1.25gb / 120Gb+80Gb / CD/DVD±RW/RAM/DL
- The only APP Smurf



[ Reply to This | # ]