rentzsch.com: tales from the red shed

Mac OS X Server Firewall Serial Hole


Those wacky kids at Macintouch have noticed Mac OS X Server 10.4 scopes the local network looking for duplicate serial numbers. Nothing outrageous, typical fare for commercial software.

What they haven’t noticed yet is Mac OS X Server 10.4 overrides an explicit administrator firewall security setting to keep its copy protection functional.

OSXS 10.4’s “Server Admin” lists “Serial Number Support” on UDP port 626 under its firewall pane, with an option to turn it off. You can, in fact, block that port with the UI. And it will work for a little while.

However, serialnumberd will eventually notice this and re-enable UDP port 626 itself. This results in a disparity where Server Admin’s UI says you have port 626 disabled, but it’s clearly active in the “Active Rules” pane.

I shot a quickie video walking through the entire affair: Mac OS X Server Firewall Serial Hole (QuickTime 7, 3.4 MB).

(Note I cut out the boring video time before serialnumberd wrote out its console message. It took something like a minute.)

Practically, this means every Mac OS X Server 10.4 deployment, regardless of its GUI firewall setting, will accept and attempt to act on UDP packets sent to port 626. Given the fact serialnumberd runs as root and is known not to be free of bugs, I find this worrisome.
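The disparity described above, where the UI shows port 626 blocked while the active rules admit it, can be checked mechanically. The sketch below is an added example, not part of the original post or any Apple tool. It assumes the active rules are available as `ipfw list` text; the sample ruleset is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in `ipfw list` format; not captured from a real server.
SAMPLE_ACTIVE_RULES = """\
00001 allow udp from any to any dst-port 626
01000 allow ip from any to any via lo0
12300 allow tcp from any to any dst-port 22
12301 deny udp from any to any dst-port 600-700
65535 deny ip from any to any
"""

RULE_RE = re.compile(r"^(\d+)\s+(allow|accept|pass|permit|deny|drop|reject)\s+"
                     r"(\S+)\s+from\s+(.+?)\s+to\s+(.+)$")

def parse_rule(line):
    """Parse one rule line; return None for anything this sketch does not model."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    num, action, proto, src, dst = m.groups()
    toks = dst.split()
    rest = toks[2:] if toks[1:2] == ["dst-port"] else toks[1:]
    ports = rest[0] if rest and re.fullmatch(r"[\d,-]+", rest[0]) else None
    return {"num": int(num), "allow": action in ("allow", "accept", "pass", "permit"),
            "proto": proto, "blanket": src == "any" and toks[0] == "any",
            "ports": ports, "loopback": "via lo0" in dst}

def ports_match(spec, port):
    """True if port falls in a list such as '22,80,600-700'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def first_allow(rules_text, proto, port):
    """First-match walk: number of the rule that admits proto/port, else None."""
    for r in filter(None, map(parse_rule, rules_text.splitlines())):
        if r["loopback"] or r["proto"] not in (proto, "ip", "all"):
            continue
        if r["ports"] and not ports_match(r["ports"], port):
            continue
        if r["allow"]:
            return r["num"]        # conservative: any allow counts as exposure
        if r["blanket"]:
            return None            # deny from any to any ends the walk
    return None

def find_drift(ui_blocked, rules_text):
    """Ports the admin UI shows as blocked that the active rules still admit."""
    hits = [(p, n, first_allow(rules_text, p, n)) for p, n in ui_blocked]
    return [h for h in hits if h[2] is not None]
```

Calling `find_drift([("udp", 626)], SAMPLE_ACTIVE_RULES)` reports the low-numbered allow rule that shadows the later deny, which is the kind of mismatch worth alerting on after any firewall change.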

Thanks to Alex Rosenberg for tracking this down.

Monday, July 31, 2006
11:52 PM