Unsigned apps in 4.0.5 and 4.0.6

General discussions about Little Snitch
marco
Objective Development
Objective Development
Posts: 64
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: Unsigned apps in 4.0.5 and 4.0.6

Post by marco » Tue Apr 10, 2018 4:05 pm

ryanparrish wrote:[…] you have to remove the code signature requirement on the *via* program.

The code signature requirement always affects a process pair, i.e. iTerm2 via svn in your case. What you need is a rule for iTerm2 via svn that ignores the code signature. But this does not affect other rules for just iTerm2, nor other via-rules for it (e.g. iTerm2 via ping).

If you create a rule that ignores the code signature for iTerm2 you take a pretty significant hit in security because iTerm2 itself, as well as any command you execute will not be verified.

atb
Posts: 2
Joined: Fri Apr 06, 2018 2:12 am

Re: Unsigned apps in 4.0.5 and 4.0.6

Post by atb » Wed Apr 11, 2018 4:01 am

Thanks Marco! Looking forward to the next release!

marco wrote:As Christian wrote, there definitely is a way to tell Little Snitch that you want to ignore the code signature of a particular app or executable. We are aware that this is not easy to find, depending on how the issue presents itself the first time (e.g. Connection Alert vs. Silent Mode).

As is very clear from the feedback in this thread and via other means (Twitter, tech support), the workflow around executables with code signature issues is anything but straight-forward. There will be improvements to this in the next update, e.g. that these extra high priority code signature issue override rules will become editable. Right now, you can only delete them, not edit them. We will make them editable and when you change them, they will loose their extra high priority and instead become rules with regular priority that ignore the executable’s code signature.

For now, we updated the documentation around this issue. I hope you find the following sections especially helpful:
https://help.obdev.at/littlesnitch/#/ad ... osignature
https://help.obdev.at/littlesnitch/#/ad ... g-whattodo

Please let us know if you have ideas on how to improve the situation. Our goal is definitely not preventing things installed via Homebrew from working!

Post Reply