On Sat, 2005-12-17 at 07:41 -0500, Sean wrote:
Well, it can be handed off to a "root" process via dbus which imposes all the necessary security. We don't want to make this an install time option, especially for peer services like BT. You don't want a static firewall rule for a process that is only running occasionally. No, what you want is an appropriate firewall rule set only for the time that BT is actually running. Anything else is a security risk in itself.
Oh, I see what you are saying. When trusted application foo is being run by a user in trusted group bar (or open for any user), the firewall will open ports xxxx to yyyy should foo request they be opened, for the duration that foo is running.
That would be slick.
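The scheme discussed in this thread, modelled as an added example (not code from either poster or from any project): a broker standing in for the privileged process grants a port range only when policy matches application, group and range, and closes it once the requesting process is gone. The `Policy` and `Broker` names, the `/usr/bin/bt-client` path, the `p2p` group and the port numbers are assumptions made for illustration; no D-Bus or firewall calls are made.

```python
import os
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Policy:
    exe: str               # trusted application ("foo")
    group: Optional[str]   # required group ("bar"); None = open to any user
    ports: range           # ports foo may ask for ("xxxx to yyyy")

def pid_alive(pid):
    """Signal 0 probes for existence without delivering a signal."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True        # exists, owned by another user
    return True

@dataclass
class Broker:
    """Stands in for the privileged process; it only tracks which rules exist."""
    policies: list
    leases: dict = field(default_factory=dict)   # pid -> (lo, hi)

    def request(self, pid, exe, groups, lo, hi):
        # Assumption: pid, exe and groups are looked up by the broker from the
        # caller's connection credentials, never taken from the request body.
        for p in self.policies:
            if (p.exe == exe and (p.group is None or p.group in groups)
                    and lo <= hi and lo in p.ports and hi in p.ports):
                self.leases[pid] = (lo, hi)      # rule exists from here on
                return True
        return False                             # default deny

    def reap(self, alive=pid_alive):
        """Close ports whose owner has exited; call periodically or on exit events."""
        dead = [pid for pid in self.leases if not alive(pid)]
        return [self.leases.pop(pid) for pid in dead]

    def open_ports(self):
        return sorted(self.leases.values())

if __name__ == "__main__":
    # Constructed sample: path, group and port range are made up.
    b = Broker([Policy("/usr/bin/bt-client", "p2p", range(6881, 6890))])
    print(b.request(os.getpid(), "/usr/bin/bt-client", {"p2p"}, 6881, 6889))
    print(b.open_ports(), b.reap(), b.open_ports())
```

Polling by PID is subject to PID reuse, so a real broker would tie the lease to the caller's connection closing rather than to the number alone.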