Which OS is this? It does not happen on my Catalina.
Thanks,
Matt
On Fri, Aug 28, 2020 at 10:52 PM Barry Smith <[email protected]> wrote:
>
>
> On Aug 28, 2020, at 3:47 PM, Jed Brown <[email protected]> wrote:
>
> "Hapla Vaclav" <[email protected]> writes:
>
> On MacOS, maybe you also have lots of firewall popups
> appearing/disappearing when running tests like
> Do you want the application "ex29" to accept incoming network connections?
>
>
> Is there a way to express that the application does not need (should not
> accept) incoming connections?
>
>
> Yes, this also seems to work:
>
> sudo $$FW --block $$APP
>
> instead of
>
> sudo $$FW --unblock $$APP
>
> The parallel program still runs correctly to conclusion without the popup.
>
> So my conclusion is that at listen() or some later system call it always
> pops up the window (unless the user as already blocked or unblocked the
> executable) without regard to whether an outside (from the machine)
> connection to the process is attempted.
>
> The routine has an undocumented option -a <listen or accept> when you run
> with
>
> /usr/libexec/ApplicationFirewall/socketfilterfw -d -a accept
>
> it prints ASKWHENACCEPT which seems to indicate it will delay the popup
> until an accept is called but I can't confirm this because the debugger
> never stops in accept on one process but the popup still comes up so this
> argument may be ignored.
>
> If I were Junchao I would not do the popup until the code tried to
> accepted an EXTERNAL connection (the lazy evaluation) but I cannot get it
> to behave this way.
>
> If I disconnect from the network I still get the popups.
>
> The pop up is asynchronous also, when the popup is still up the program
> keeps run (even in parallel) and ends normally. Then the popup disappears.
>
> Apple could make this friendly without hurting security but then Apple
> never cared about external developers for the Mac.
>
>
>
> Normalizing sudo during build/testing seems really bad.
>
>
>
--
What most experimenters take for granted before they begin their
experiments is infinitely more interesting than any results to which their
experiments lead.
-- Norbert Wiener
https://www.cse.buffalo.edu/~knepley/ <http://www.cse.buffalo.edu/~knepley/>
