objective-see / LuLu

LuLu is the free macOS firewall
GNU General Public License v3.0

Feature Request: glob patterns support in rules #205

Open jcayzac opened 4 years ago

jcayzac commented 4 years ago

Some apps change their path each time they run, like Cisco AnyConnect:

[Image: Screen Shot 2020-07-10 at 7 46 31]

Being able to specify a glob pattern would help avoid useless repetition.

superman-lopez commented 4 years ago

Also see https://github.com/objective-see/LuLu/issues/176

jcayzac commented 4 years ago

Thanks for pointing it out, @superman-lopez! The two largely overlap. A minor difference, maybe, is that some comments on that issue concern rules matching multiple apps (e.g. a wildcard on *Adobe*). I'm only requesting glob patterns support, not matching binaries with different signatures.

jcayzac commented 4 years ago

Actually I'm not sure why LuLu even cares about the path at all. Only the basename and signature should matter…

sheldonhull commented 4 years ago

I've had smooth sailing till today, when I was running some commands like go run main.go, and this generates a different binary each time. I couldn't figure out why the connectivity was failing, but it was due to the blocking from LuLu (that didn't take foreground, so I missed it for a while).

The binary is self-built and I want to whitelist the temporary directory so I can compile my binary without being prompted each time. I expected /var/folders/ls/**/go-build/* to work, but it expected a normal path. For now I have to disable LuLu, but hoping there is a solution.

Any tips?

objective-see commented 4 years ago

Aloha, just pushed LuLu 2.0.0 (beta!) ... one of its new features is that it applies rules globally, based on code-signing id (i.e. com.company.blah), regardless of the file's location. As such, as long as the app/binary is validly signed, this should address this issue.

Package (notarized) Download: https://bitbucket.org/objective-see/deploy/downloads/LuLu_2.0.0_BETA.zip

Would love any beta-testers/feedback! Bugs? → https://github.com/objective-see/LuLu/issues

p.s. To view (log) output while testing, run the following from the Terminal: log stream --level debug --predicate="subsystem='com.objective-see.lulu'"

ab-rdarts commented 3 years ago

@objective-see this will not work with iOS simulator applications, as they are not signed and have different paths (based on UUID) on each run. So maybe only a path with a wildcard, or a rule based on application name, can help.
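
The two matching approaches discussed in this thread, as an added sketch (not LuLu's code and not posted by any commenter): rules keyed on code-signing ID regardless of path, with a path-glob fallback consulted only for unsigned binaries. The `Process` and `Rule` types, `decide`, the glob semantics, and every sample ID, UUID and path are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

def glob_to_regex(pattern: str) -> re.Pattern:
    """'*' and '?' stay inside one path component; '**/' spans zero or more directories."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:[^/]+/)*"); i += 3
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")  # anchor at end so prefixes do not match

@dataclass
class Process:
    path: str
    signing_id: Optional[str]           # None = unsigned or signature not valid

@dataclass
class Rule:
    action: str                         # "allow" or "block"
    signing_id: Optional[str] = None    # matches validly signed code at any path
    path_glob: Optional[str] = None     # fallback, consulted for unsigned code only

def decide(proc: Process, rules: list) -> str:
    for rule in rules:
        if proc.signing_id is not None:
            if rule.signing_id == proc.signing_id:
                return rule.action
        elif rule.path_glob and glob_to_regex(rule.path_glob).match(proc.path):
            return rule.action
    return "prompt"                     # no rule matched: ask the user

# Constructed sample rules (hypothetical signing ID, user name and app name).
SIM = ("/Users/dev/Library/Developer/CoreSimulator/Devices/*/data/Containers"
       "/Bundle/Application/*/Demo.app/Demo")
RULES = [
    Rule("allow", signing_id="com.example.vpn"),
    Rule("allow", path_glob=SIM),
    Rule("allow", path_glob="/var/folders/ls/**/go-build/*"),
]
```

A path glob over a user-writable directory matches any unsigned binary placed there, so such a pattern is best kept as narrow as the changing part of the path allows.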