Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Steampipe requests firewall exception on macOS to allow incoming connections #2478

Closed
dzqv opened this issue Sep 30, 2022 · 2 comments · Fixed by #2490
Closed

Steampipe requests firewall exception on macOS to allow incoming connections #2478

dzqv opened this issue Sep 30, 2022 · 2 comments · Fixed by #2490
Assignees
@kaidaguerre
Labels
bug Something isn't working

Comments

@dzqv
Copy link

dzqv commented Sep 30, 2022

Describe the bug
When installing the first plugin for steampipe on macOS (steampipe plugin install steampipe), macOS displays a security prompt asking for permission to allow incoming connections. Your documentation does not describe why steampipe needs to support incoming connections, so as a user it's hard to judge whether or not this tool is safe to install.

Steampipe version (steampipe -v)
Example: v0.16.4

To reproduce
Steps to reproduce the behavior (please include relevant code and/or commands).

  1. If you have previously installed the binary on macOS, open Security & Privacy -> Firewall -> Firewall Options, then remove steampipe. Uninstall steampipe.
  2. Install steampipe using brew.
  3. Install the first plugin using steampipe plugin install steampipe
  4. Observe that macOS prompts for a firewall exception.
  5. Inspect the documentation on the downloads page for a reason why this exception is needed.
  6. Observe that there is no such documentation.

Expected behavior
A clear and concise description of what you expected to happen.

If steampipe requires incoming connections, there should be adequate documentation explaining why an exception should be granted. Alternatively, explain to folks that they can configure their Firewall to block incoming connections.

Additional context
Add any other context about the problem here.

The tool works fine when the firewall is configured to block incoming connections.
@dzqv dzqv added the bug Something isn't working label Sep 30, 2022
@e-gineer
Copy link
Contributor

Steampipe doesn't have any incoming connection to itself from outside. Perhaps it's because we're opening ports for Postgres to listen (9193) and the dashboard to listen (9194)?

@binaek binaek linked a pull request Oct 6, 2022 that will close this issue
Fixes issue where steampipe requests for firewall exceptions during installation. Closes #2478 #2490
Merged
kaidaguerre pushed a commit that referenced this issue Oct 7, 2022
@binaek
Fixes issue where steampipe requests for firewall exceptions during i…
409e4b3 
…nstallation. Closes #2478
@kaidaguerre
Copy link
Contributor

Thanks for reporting this @dzqv . We have pushed a fix - initialising Steampipe will no longer require a firewall exception

When creating the Steampipe database, the initialisation code calls a function to find a free port to use during the Db init. It does this by opening (then immediately closing) a network listener and then using the port of this listener. Previously the listener was being opened without specifying an address, so was listening on all addresses, causing the firewall warning.

This has been changed to only listen on localhost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kaidaguerre kaidaguerre

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
3 participants
@e-gineer @kaidaguerre @dzqv