chrisj@ut-emx.UUCP (Chris Johnson) (06/17/89)
GATEKEEPER 1.1.1 ________________________________________________________________________ Version 1.1 of GateKeeper will be replaced by a maintenance release designated as version 1.1.1. A serious bug in the version 1.1 code responsible for manipulating the privilege list has been fixed. At the same time, new features have been introduced to extend the flexibility of the security system. GateKeeper continues to prove itself effective against all known viruses. The list currently includes Scores, nVIR, Hpat, INIT 29, ANTI, AIDS and MEV#. Version 1.1.1 adds explicit awareness of the two new nVIR clones, AIDS and MEV#, in order to prevent false alarms from virus scanners. Nonetheless, even without this awareness, GateKeeper was fully effective against those viruses. NOT QUITE RIGHT ________________________________________________________________________ GateKeeper 1.1 was intended to significantly extend the minimal user interface found in 1.0, to correct a number of serious bugs, and to work around a very dangerous bug in old versions of the Control Panel. It succeded, but time has shown that 1.1 has an Achilles' heel. The primary problem with 1.1 is a bug that causes either temporary or permanent corruption of the privilege list. Although this doesn't cause everyone trouble, a very few people have found GateKeeper completely dysfunctional as a result. Others find GateKeeper acting as though it's forgotten some or all of its privileges, no matter how the privilege list reads in the Control Panel. Still others simply find the privilege list trashed or empty on rare occasions, but are spared the more serious effects mentioned above. Several version 1.1 testers reported the first symptoms of this bug prior to release, but no-one could intentionally reproduce it no matter what they tried. Efforts were made to correct the bug anyway, but with no way of testing the would-be corrections it proved impossible to be sure that the bug was eliminated. Well, the efforts to fix it were failures. Version 1.1, for all of its improvements, just wasn't quite right. NEW FEATURES ________________________________________________________________________ Although version 1.1.1 is primarily a maintenance release intended to correct bugs rather than add new functionality, a few new features have found their way in as a result of users' problem reports and suggestions. THE "ADD..." DIALOG BECOMES MORE TOLERANT In past versions the dialog box that appeared when the "Add..." button was clicked only displayed files of certain types. Although this was normally sufficient, some people, particularly MPW users, discovered that they couldn't grant privileges to all the files that needed them. Version 1.1 improved on this by allowing the user to hold down the Option key when clicking on the "Add..." button in order to see a complete list of files. Although this fixed the problem in principle, it didn't do such a great job in practice - many users never noticed the Option key trick in the on-line help. Version 1.1.1, by default, displays almost every file on disk that has a resource fork. This should completely eliminate the problem. (Of course, the Option key trick is still there if you should ever find a need for it.) NAMES IN THE PRIVILEGE LIST BECOME EDITABLE In the past, if you needed to alter a name in the privilege list, you had to clear it and then add it all over again. Now you can simply select it in the list and click on the new "Edit..." button. Of course, if you'd rather take the easy way out, you can just double-click on the item. MORE FLEXIBLE NAME MATCHING Two extensions have been made to the portion of the GateKeeper security system responsible for looking-up names in the privilege list. Both work to make GateKeeper more tolerant of strange circumstances and simple file name variations. MATCH BEGINNINGS If this option is turned on, only the beginning of a program's name is required to match an entry in the privilege list, anything left-over is ignored. In particular, this lets you build a more generalized privilege list. For instance, you can simply create an entry in the privilege list for "Font/DA Mover" without worrying about whether users' applications will actually be named "Font/DA Mover 3.8" or just "Font/DA Mover". IGNORE CASE If this option is turned on, no distinction is made between letters of different case, so "font/da mover" would be considered to match "Font/DA Mover", and "link" will be considered to match "Link". MPW users, take heed. INTERNAL ERRORS Internal Errors can now be avoided by granting all three File privileges to the applications that cause these errors. This will be of particular use to users of old versions of MacWrite and pre-1.1 versions of MacDraw. SETRESATTRS() MONITOR ALTERED The SetResAttrs() routine is a part of the Toolbox's Resource Manager. It is often used (or misused, depending on how you look at it) in the process of loading INITs. In the past, GateKeeper has been very strict about restricting the use of this Toolbox routine. This resulted in many INITs and a few applications (most notably Microsoft Excel) needing privileges in order to carry out what might be looked upon as rather trivial operations. GateKeeper 1.1.1 is less strict about the use of this routine. This should help reduce the number of INITs and applications that require Resource privileges. MS Excel, for instance, no longer requires privileges (of course, it really shouldn't have done what it was doing with SetResAttrs() in the first place). AT STARTUP: ICON You can now choose whether or not GateKeeper shows an icon at the bottom of your screen while your system starts-up. In addition, a more literal adaptation of Paul Mercer's ShowINIT code is used in this version. This eliminates the conflicts between GateKeeper and INITs like Flex and Fontsie. As a result, there are no longer any INITs that are "fundamentally incompatible" with GateKeeper. MATCH BEGINNINGS The "Match Beginnings" option has been altered to ignore leading spaces (breaking and non-breaking) in both privilege list entries and actual file names. PRIVILEGE LIST GateKeeper 1.1.1 will be released preconfigured with approximately 40 of the most commonly required privileges. This should make installation of this new version significantly easier and faster. TEXT EDITORS VS. THE GATEKEEPER LOG FILE GateKeeper now locks its log file while the file is in use. This makes it possible for some text editors to open the log even without being aware of the fact that the file is read-only. In particular, this means that the log file can now be viewed using the McSink desk accessory. CLARIS COOPERATES ________________________________________________________________________ In order to make their products fully compatible with GateKeeper, Claris has corrected problems in MacWrite and MacDraw that caused Internal Errors in GateKeeper during save operations. I have been told that the bugs are done with as of the 1.1 release of MacDraw II and the 1.0 release of MacWrite II. Know of other companies' products that also cause Internal Errors? Report the problems to the companies. I'll be happy to work with anyone in eliminating these bugs, but they have to want to do something about it before that can happen. UPDATING TO 1.1.1 ________________________________________________________________________ Getting a copy of version 1.1.1 should be easy. It will be available for anonymous FTP from the Sumex archives at Stanford University, the Simtel archives at the White Sands Missile Range, rascal.ics.utexas.edu and emx.utexas.edu. It will also be posted to the comp.binaries.mac USENET newsgroup (expect the traditional two week delay before it appears there, though). From these sources it generally spreads quickly to alert commercial time-sharing systems, BBSs and users' groups. If you don't have access to any of these sources (or "alert" just isn't the way to describe your local users' group), send me an initialized 400 or 800K diskette (I'm afraid that a SuperDrive just isn't in the cards for me in the near future) along with a self addressed, stamped envelope. I'll be happy to send 1.1.1 to you, and I'll include version 1.1 of John Norstad's public domain virus detection and repair program, Disinfectant. My address is: Chris Johnson 3311 Red River #305 Austin, TX 78705 Note that GateKeeper 1.1.1 isn't ready at the moment, so you won't find it at the FTP sites mentioned above yet. GateKeeper's code is complete, but there are a few relatively minor items that still aren't ready, like documen- tation and release notes. Version 1.1.1 should be ready for release in a week.