General discussions about Little Snitch
- Objective Development
- Posts: 64
- Joined: Mon Jul 28, 2014 3:00 pm
- Location: Vienna, Austria
ryanparrish wrote:[…] you have to remove the code signature requirement on the *via* program.
The code signature requirement always affects a process pair
, i.e. iTerm2 via svn
in your case. What you need is a rule for iTerm2 via svn
that ignores the code signature. But this does not affect other rules for just iTerm2
, nor other via-rules for it (e.g. iTerm2 via ping
If you create a rule that ignores the code signature for iTerm2
you take a pretty significant hit in security because iTerm2 itself, as well as any command you execute will not be verified.
- Posts: 2
- Joined: Fri Apr 06, 2018 2:12 am
Thanks Marco! Looking forward to the next release!
As Christian wrote, there definitely is a way to tell Little Snitch that you want to ignore the code signature of a particular app or executable. We are aware that this is not easy to find, depending on how the issue presents itself the first time (e.g. Connection Alert vs. Silent Mode).
As is very clear from the feedback in this thread and via other means (Twitter, tech support), the workflow around executables with code signature issues is anything but straight-forward. There will be improvements to this in the next update, e.g. that these extra high priority code signature issue override rules
will become editable. Right now, you can only delete them, not edit them. We will make them editable and when you change them, they will loose their extra high priority and instead become rules with regular priority that ignore the executable’s code signature.
For now, we updated the documentation around this issue. I hope you find the following sections especially helpful:https://help.obdev.at/littlesnitch/#/ad ... osignaturehttps://help.obdev.at/littlesnitch/#/ad ... g-whattodo
Please let us know if you have ideas on how to improve the situation. Our goal is definitely not preventing things installed via Homebrew from working!