Password Gorilla flashing "Do you want the application to accept incoming network connections"

[tandefelt]

Dear PW Gorilla community,

I am a longtime user of password gorilla, very majorly appreciate the fact the software exists.. has saved my life, so: Major thanks to all contributing to it.

I have to apologize for a question which might have a simple answer, but as the below matter bothers me since the reason for it is unclear, and as it relates to security,, I am asking about it. Hopefully someone friendly in the community can give a simple answer, so that I can stop worrying..

Here we go: Every time during the last 2-3 months, when I have created a new login in PWG and saved it, I have seen a lighting fast flashing menu (like seeing a single frame flash in a movie).. so fast, I almost did not see it at all.. But, one day, I decided to take a video of the flash, and was able to detect what the menu said. Here:

OSX is asking: "Do you want the application "Password Gorilla.app" to accept incoming network connections?". Choosing Deny may limit the application's behavior. This setting can be changed in the Firewall pane of Security & Privacy preferences"

Q: Should I be worried, or is this a function of firewall, or the F-Secure Freedome VPN I am using? Asking since I actually dont know why on earth Password Gorilla would send anything out to the internet, or need a connection anyway.. Would love to make sure I have nothing to worry, re: safety of my computer, and especially, passwords not streaming out without my knowledge. I am sure there is a simple explanation, possibly relating to digital signatures, Apple's policies, Firewall etc (?).

Thank you in advance for any helpful comments.. Just in case, the screen shot link is here:

Best regards,

Marko, Helsinki.

[SavSanta]

Did you ever figure it out? Im curious as well now. I use Linux so I dont know how Mac OS X is doing it. However I suppose you can put a proxy or a wiresniffer to capture outgoing requests and see what it causing it.

[rich123]

No, I have no idea at all why that window would pop up for PWGorilla, as PWGorilla does not create any listening network sockets at all (which would be the only way it would "accept incoming network connections". And it only creates an outgoing network connection at user request when selecting the "Help" -> "Look for Update" menu item (which, upon testing that item here myself, I get an error message, so something is not working correctly for some reason with that feature).

As well, as I do not have a Mac, I'm somewhat hampered in having any ability to test to try to see why the Mac is making the dialog appear, then disappear, nearly instantly.

[rich123]

Ah, I just had a thought. You say this pop-up occurred when creating a new password entry. One of the underlying functions that occurs upon creating a new password entry is generating a UUID to attach to the entry. The Tcllib UUID module that the currently released version of PWGorilla uses to generate UUID's (the 'uuid' module) makes some underlying calls to CLI networking programs to obtain such items as the MAC address of the device. Part of the code for the Tcllib uuid module very briefly opens a 'null' TCP server socket on MacOS (and on Linux) to obtain the IP address of the machine to mix into the UUID.

It is likely this opening of a server socket to obtain the IP address is what is triggering this popup, and the almost immediate close of the same socket (after the IP address is obtained) would likely explain the popup disappearing again almost as quickly. The popup appears because the socket is opened, to rightfully ask if such should be allowed, then disappears when the socket is closed (because once closed, there's no need to ask about network access).

This module (the Tcllib uuid generator) turns out to make too many assumptions on the formatting of the output of the various CLI network tools for Unix/Linux machines, such that at least on my Slackware systems, it actually aborts with an error instead of generating a UUID. It was the cause of commit @6284d86ebafc8a65ad7e1fc1626282317d608788 where I replaced it entirely with a randomly generated UUID created from PWGorilla's internal random number generator. The reason I replaced it was that if it fails on my systems, eventually some other Linux system will also fail, so I replaced it with something that will not fail, no matter the underlying system OS. And, as an example, it (the uuid module) did fail on Debian Sid (https://github.com/zdia/gorilla/issues/149).