Sneak Preview; Security in Leopard.

(…) Leopard, Apple’s new operating system slated for release later this spring, has already been dubbed the new ‘most advanced operating system in the world’. In Leopard, Apple builds further on the foundation of the open-source XNU kernel, and makes some very drastic changes in filesystem, interface, and configuration. One of these major changes is the control panel for security and the control panel for networking. The firewall, once conveniently located in the ‘Sharing’ panel in Tiger, now resides under the ‘Security’ panel. It’s options, however, have taken a beating.

From the panel in Leopard, one can choose to allow incoming connections, disallow them, or allow only specific services or applications. In the current developer release of Leopard, the firewall’s default ruleset is easy to summarize;

[pretty much anything]> ; Allow.

I have played around with the GUI for a bit, and it seems the Services panel is about as clever as Tiger’s firewall preference panel. It’s not specifically doing what you are instructing it to do. When you check a radio button that says it will disallow all incoming connections, many services, including a host of exploitable services like svrloc and CUPS still get incoming connections and are even able to establish a connection. (…)

Expect much more soon on the preliminary security checkup of Leopard, any hacker’s new favorite OS.