Option to disable new "code signature"-related forced alerts?

General discussions about Little Snitch
zhimsel
Posts: 2
Joined: Fri Jan 19, 2018 11:57 pm

Option to disable new "code signature"-related forced alerts?

Postby zhimsel » Sat Jan 20, 2018 12:02 am

In Little Snitch 4.0.5, a new feature was introduced:

A Connection Alert informing about a code signature mismatch is now shown even if Silent Mode is active. This is to prevent processes with an invalid code signature from communicating even in Silent Mode.


This is a great idea, and I'm glad it was implemented, but I feel like there should be an option to turn it off. Personally, I use LS primarily to block network connections on untrusted networks until I can connect to a trusted VPN. As such, my "trusted" profile allows all connections silently.

This new feature forces upon me the connection alert dialogs that I don't want while on a trusted network. Especially considering all the alerts for code signature mismatches are from commandline utilities that I trust.

While I'm not privy to your codebase, I feel like having an option to disable that "alert even in silent mode" behavior should be pretty easy to implement.

Thanks!

marco
Objective Development
Objective Development
Posts: 41
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: Option to disable new "code signature"-related forced alerts?

Postby marco » Fri Jan 26, 2018 10:40 am

We found that the current implementation of this behavior is a bit more aggressive than originally intended. This will be improved in an upcoming release. We haven’t discussed yet if there should be an option to turn this off entirely, but we will take your feedback into consideration.

For now, you can create allow rules for the command line tools you mentioned. Or, when you already have a “trusted” profile in which Silent Allow Mode is active, you could create an allow rule in this profile for “Terminal” that allows connections to any server, while ignoring any code signature.

Could it be that the Connection Alerts you see are for processes that just don’t have any code signature? This is common for command line tools installed via Homebrew, for example.

These Connection Alerts during Silent Mode are intended to only be shown for severe problems where something is definitely and provably wrong. IIRC, these situations are:

  1. When a running process has an invalid code signature. This means that the executable was modified since the developer signed it, or the running process did something that invalidated its code signature (e.g. it loaded a third party library that has an invalid code signature).
  2. When you have existing rules that require a specific code signature, but the running process has either no code signature or a different code signature. That can be the case when the executable was replaced with one from a different developer since you created the rules, for example.

FYI: The latter point is what we call a “code signature mismatch”: It’s a mismatch between the running process’ code signature and the code signature an existing rule requires.

zhimsel
Posts: 2
Joined: Fri Jan 19, 2018 11:57 pm

Re: Option to disable new "code signature"-related forced alerts?

Postby zhimsel » Fri Jan 26, 2018 7:02 pm

We found that the current implementation of this behavior is a bit more aggressive than originally intended. This will be improved in an upcoming release. We haven’t discussed yet if there should be an option to turn this off entirely, but we will take your feedback into consideration.


That's great to hear! Personally, I'd recommend simply having a user-configurable "level" (which could just be "on" or "off") for this feature would be great. I can definitely see the usefulness of it in most situations, but not if it's forced. Having it "on" by default is definitely a good idea.

...when you already have a “trusted” profile in which Silent Allow Mode is active, you could create an allow rule in this profile... ignoring any code signature.


This is what I ended up doing. Figured out that you could manually add a global rule to allow all outgoing connections, ignoring code signatures. This works well enough, for now (for my situation at least).

Could it be that the Connection Alerts you see are for processes that just don’t have any code signature? This is common for command line tools installed via Homebrew, for example.


Sorry if my original post did not explain it well, but that's exactly what I meant. Valid-sig'd connections were being allowed silently (as expected), but only connections with invalid signatures were showing the alerts.

marco
Objective Development
Objective Development
Posts: 41
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: Option to disable new "code signature"-related forced alerts?

Postby marco » Mon Jan 29, 2018 1:15 pm

Glad to hear the workaround works for now!

FYI: The reason why I asked about “no code signature” specifically is that the wording is quite important here. There’s a huge difference between “no code signature” and “invalid code signature”. The former means that the executable or process is simply not signed at all, while the latter means that it was signed, but was then modified in a way that broke the code signature.


Return to “Little Snitch General”

Who is online

Users browsing this forum: No registered users and 9 guests