allowing programs to open ports
Petr Spacek
pspacek at redhat.com
Tue Jan 6 08:20:19 UTC 2015
On 5.1.2015 15:57, Bastien Nocera wrote:
> ----- Original Message -----
>> Björn Persson wrote:
>>> I bet! I worry that the questions would quickly become annoying. But if
>>> ports are going to be blocked by default, then there needs to be some
>>> way for non-sysadmin users to open them.
>>
>> No, why? The ports just need to be closed, period. Non-sysadmin users
>> shouldn't be allowed to open any ports.
>
> Which leads to users being frustrated at the default firewall, which leads to
> them throwing in the towel and disabling the firewall altogether, leading to
> worse security.
Many people claim this AFAIK nobody posted link to an article/any hard data
about this. (I'm not saying that this statement is not correct, I'm saying
that I don't have reason to believe it without hard data.)
IMHO solution to this problem is what Stephen Gallagher proposed in other part
of this thread:
> I'd argue that something similar to the SELinux Troubleshooter would be
> a useful solution here, if interfaces could be added to support it.
--
Petr^2 Spacek
More information about the devel
mailing list