26 Replies Latest reply: Jul 7, 2012 3:53 PM by red_menace
mark133 Level 1 (65 points)

Xcode is asking for both administrator and Darwin passwords. Is that required to run Xcode?

  • K T Level 7 (23,700 points)

    A local admin logon can be needed to install certain components, docs, etc.

  • mark133 Level 1 (65 points)

    Is gdb-i386-apple-darwin supposed to be asking me for the password?

  • mark133 Level 1 (65 points)

    And also Developer Tools?

  • mark133 Level 1 (65 points)

    And should all these stealth mode port connection attempts be showing up from the AT&T router?


  • mark133 Level 1 (65 points)

    And isn't this someone getting denied mach-port connection, then logging on long enough to try to copy a file, then getting timed out, then getting denied mach-port connection again?


  • red_menace Level 6 (14,905 points)

    Those are from the sandbox and quicklook daemon processes running on your machine - you can use the Activity Monitor application to get more information about the process ID.

  • red_menace Level 6 (14,905 points)

    If your user is not an administrative one and is not a member of the _developer group, various Developer Tools may require an administrative password.

  • mark133 Level 1 (65 points)

    The process isn't running now. Is there some way to locate the user information from that process via the process id?


    I'm the administrator, and I'm registered as a developer, but not on the paying developer program. I have no trouble accessing all the manuals and libraries on Xcode, but when I run it, I'm asked to type both the administrator and Core passwords. The build still proceeds.

  • g_wolfman Level 4 (1,120 points)

    A number of components (including the debugger(s)) need to run special kernel-level code in order to work.  These processes will require your password.  On the command line, you would probably have to run them under sudo.


    The stealth mode connection attempts on your firewall are a consequence of enabling stealth mode...You can see that they all refer to UDP connections.  When you are in stealth mode, your firewall will report on any unsolicited attempts to connect to your system.  But UDP is always unsolicited by definition - it's a stateless protocol.  My guess is that the vast majority of them are DNS (UDP 53) responses from your router to your machine.


    Stealth mode is more annoying than it's worth, gives no real security where it's actually needed and using it is being a bad network neighbour.


    The sandbox warnings are likely similarly innocuous.  They are for QTKitServer, the QuickTime component for WebKit used to (for example) watch media on websites.  I still sometimes get sandboxd warnings on my system for things like Spotlight components...which you would think should be well integrated into the sandbox system.


    More importantly, a mach port is a low level inter-process communication mechanism.  For someone malicious to be in a position to request them, they would basically have to already own your box, in which case they wouldn't need them.  And the few "mach-level" exploits I've ever seen discussed were entirely theoretical.

  • mark133 Level 1 (65 points)

    I was concerned because some of my files, which are in folders that have no public access, were accessed. Checking the files themselves, I find that they do have public access permission on the file.


    So I wonder, first, is it necessary to change permissions on each file, even if the folder that they are in has no public access? and also,


    Is that the web/network environment, that I can expect to have files on my computer routinely accessed if the permission is public access? Is it just techies and developers and hackers and companies and governments that can be expected to access files on my computer when I am connected to the internet, or is that capability more common than I realize, and I just simply haven't been 'in the know' about that?


    Or are even tech savvy users not expected to browse an individual's computer for open, public access files?

  • mark133 Level 1 (65 points)

    When I checked the port operations before I put in stealth mode and a password for the kernel, there were 8 active ports from my router. The machine was getting hot during and after connection to the router.


    Now there are 2 active ports, and the computer does not get hot. Plus my networking works much faster and does everything I want it to do (apart from the trouble with running Xcode). That leads me to believe that AT&T was serving any number of excessive connections to my machine?

  • red_menace Level 6 (14,905 points)

    You don't have to change permissions on files that are in folders not accessible to others, since the folder will not be accessible.  The default setting is for items to be readable by others (in the event it is placed in a public location), but the containing folder determines who can get to it.


    There are many files that the system accesses during the course of doing its thing - you would need to provide more details about what files you think were accessed by others (and why you think they were accessed by others at all).  Running behind a router with the OS X firewall on makes it very unlikely that someone accessed your files out of the blue, and using something like Little Snitch will limit what traffic goes out of your machine as well.
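
The point in the reply above, that the containing folder decides who can reach a file marked readable by others, as an added example that is not part of the original thread. It inspects POSIX mode bits only (ACLs are ignored), and the folder and file names are constructed for the demonstration.

```python
import os
import stat
import tempfile


def file_allows_others(path):
    """True if the file's own mode grants read to 'others' (o+r)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def blocking_folder(path, stop_at):
    """Nearest enclosing folder below stop_at without o+x, or None.

    Opening a file requires search (execute) permission on every folder
    in its path, so one folder without o+x hides everything beneath it.
    """
    stop_at = os.path.realpath(stop_at)
    folder = os.path.dirname(os.path.realpath(path))
    while folder != stop_at and folder != os.path.dirname(folder):
        if not os.stat(folder).st_mode & stat.S_IXOTH:
            return folder
        folder = os.path.dirname(folder)
    return None


def others_can_read(path, stop_at):
    """Effective answer: file bit set AND no folder in the way."""
    return file_allows_others(path) and blocking_folder(path, stop_at) is None


def build_demo():
    """Constructed layout: a 0644 file inside a 0700 folder."""
    base = tempfile.mkdtemp()
    private = os.path.join(base, "Private")
    os.mkdir(private)
    project = os.path.join(private, "project.motn")  # constructed name
    with open(project, "w") as fh:
        fh.write("constructed sample\n")
    os.chmod(project, 0o644)   # file itself: readable by others
    os.chmod(private, 0o700)   # folder: owner only
    return base, private, project


if __name__ == "__main__":
    base, private, project = build_demo()
    print("file bit o+r:    ", file_allows_others(project))
    print("blocked by:      ", blocking_folder(project, base))
    print("others can read: ", others_can_read(project, base))
```

To audit a real file, pass its path and the topmost folder you want checked (for example `/`) as `stop_at`.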

  • mark133 Level 1 (65 points)

    And I'm still trying to figure out where I changed the stealth mode setting.


    I think you hit on a very important theme with that point about stealth mode. It applies to many other areas of social interaction, but particularly to networking for many people.


    When there is a group that understands security, and norms for being a 'good network neighbor' to support that security, then for people who don't understand security, that same 'good neighbor' group can very easily become a 'bad network neighbor' as a whole. For example, when companies are accessing the computers of individuals, it is the same as hacking, if those individuals do not understand the architecture, the security architecture, or how to properly use the security technology. After all, a hacker is someone who breaches a system through a means by which the host is ignorant.


    Promoting and simplifying individual computer security should be a fundamental purpose of every 'good network neighbor' but I have found the contrary to be the case. Questions of security are usually dismissed by 'good network neighbors' as irrelevant, by companies and individuals alike.

  • mark133 Level 1 (65 points)

    The particular file that was accessed was a motion project with public access in a folder that was not public access. The smaller image posted above of the mach port requests is the screen shot from console. I was pretty sure I didn't access that file during that time, but it's possible.


    I'm not as concerned about any incident in particular as much as I am about getting a good understanding of the network environment in general. It does seem like there are quite a number of entities accessing individual computers for marketing or intelligence, and that seems to cause a lot of slowing of computers, overheating, and similar issues, apart from the information gathering itself, which most people would likely object to if they knew exactly what to do about it.


    Also, it looks like developers are encouraged by Apple to understand security and how passing of information should be done in such a way as to limit potential security breaches.


    At the same time, encouraging the kind of networking that developed Unix, etc, and shareware tools along with open communication is also a good vision. But to advance it without public knowledge, or in spite of public ignorance with respect to personal security and 'good network neighbor' practices is terrible.
