On Wednesday, October 05, 2005, at 01:49PM, <[EMAIL PROTECTED]> wrote:
>
>*** Objective Development was aware of this for over a year but
>seemed to have decided not to act! ***
>    http://www.mail-archive.com/littlesnitch-talk@obdev.at/msg00132.html

The part I find interesting is:

On Wednesday, October 27, 2004, at 04:50:20 -0700, <Little Snitch Support> 
wrote:
>
>2. Does Little Snitch protect me against "Opener"?
>
>We receive many questions about "Opener" because it explicitly refers to 
>Little Snitch. It sends Little Snitch a kill signal to try to get around its 
>protection. We can put you at rest with this issue: Little Snitch protects 
>itself against being killed, even if the kill is from the super-user. It does 
>not "restart itself" as the script suggests, it rather ignores the kill.

While I can see resistance to an Interrupt signal (SIGINT) being feasible (kill 
-2 or Control+c) and even some of the other kill signals such as SIGHUP or 
SIGTERM, I can't imagine that this behavior is desirable.  How does 
LittleSnitch distinguish between a malicious kill and one originating from a 
task such as system shutdown?  Why and how is a super-user kill ignored?  I 
also can't see how kill -9 (SIGKILL is a non-ignorable signal) can be ignored.  
The only cases in which SIGKILL is ignored are when the process does not 
receive the signal due to kernel or IO instabilities.  If a process cannot 
receive a SIGKILL, it likely means that the system in general is unresponsive.

Regardless, the main issue here is that a simple killall (which uses the most 
basic SIGTERM) does bring down the daemon and unrestricts network 
communication.  A killall -9 will surely bring down the daemon.

Is this ignoring of the kill signal referring to another technique?

Again, Matthieu and I are only bringing these gaps to the attention of the 
developers and users.

I'm also interested to see what the ObDev response is.  Are these concerns 
known?  Will they be addressed soon?  That sort of thing.

--                                                 --
arno  s  hautala         /-\           [EMAIL PROTECTED]
--                                                 --
_______________________________________________
Littlesnitch-talk mailing list
Littlesnitch-talk@obdev.at
http://at.obdev.at/mailman/listinfo/littlesnitch-talk