<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">Hello,<br>2014-04-15 16:28 GMT+02:00 Christian Schaller <span dir="ltr"><<a href="mailto:cschalle@redhat.com" target="_blank">cschalle@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">
----- Original Message -----<br>
> From: "Reindl Harald" <<a href="mailto:h.reindl@thelounge.net">h.reindl@thelounge.net</a>><br>
> To: <a href="mailto:devel@lists.fedoraproject.org">devel@lists.fedoraproject.org</a><br>
> Sent: Tuesday, April 15, 2014 11:40:20 AM<br>
> Subject: Re: F21 System Wide Change: Workstation: Disable firewall<br>
><br>
><br>
> Am 15.04.2014 11:32, schrieb drago01:<br>
> > On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <<a href="mailto:h.reindl@thelounge.net">h.reindl@thelounge.net</a>><br>
> > wrote:<br>
<br>
</div><div class="">> allow any random application to open an unprivileged<br>
> port which is reachable from outside is dangerous<br>
><br>
</div>We already allow that and have for a long while. Any application bothering to support the firewalld dbus interface can open any port<br>
they wish to.<br></blockquote><div><br></div><div>We don't, actually. <i>Only</i> applications running in a session of a member of the wheel group would have that right, and those applications are pretty much root-equivalent anyway. (Many GNOME users probably use such a setup, but it's not at all the only one possible.)<br>
<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The thread discussing this ended up with mostly being a discussion if the firewall would be a useful way to help users from accidentally<br>
oversharing on a public network. Which is important and something we want to work on, but a lot less so than security issues.<br></blockquote><div><br></div></div>"Oversharing on a public network" <u>absolutely is a security issue</u>. Heartbleed is exactly that, "oversharing" and nothing more!<br>
</div><div class="gmail_extra"> Mirek<br></div></div>