On 08/03/2010, at 7:21 PM, Andrew Oliver wrote: > I don't know, sorry. Off hand, looking at the .plist it looks like there are > two options - one is an explicitauth to the executable path, the other is > exceptions. > > My default alf.plist includes Java in the explicitauth: > ... > which I would interpret as allowing any Java app, but that seems a little > counter-intuitive from a security standpoint (all a hacker has to do is craft > a java app and he's set). I read somewhere that explicitauth is stating that any application invoked by say, java, python etc. requires explicit authorisation; no matter whether java, python etc. are signed.
> > It would be interesting to note what entries you have in your .plist which > might identify how ALF is currently interpreting your app. It may be possible > to reverse-engineer the logic from there, but since I've never used ALF I > don't know anything more specific. This is exactly why I'd like to use the well-documented ipfw. ;-) I did have a look to see how my java application may be represented but didn't find out much. Kind regards, Christopher_______________________________________________ MacOSX-admin mailing list [email protected] http://www.omnigroup.com/mailman/listinfo/macosx-admin
