As one who maintains a remix for journalists, I expect the default for
a workstation should be that you must explicitly know what you are
doing to open a port, and enable or start a service - the default
release should have a minimum attack surface by design. As a result of
this discussion I plan to modify my remix so that is the case - ports
open by default in Fedora 21 Workstation will be closed in OSJourno.
I'm on the fence over the ports below 1024, but I suspect those should
be closed as well.

On Mon, Dec 8, 2014 at 10:41 AM, Adam Jackson <ajax(a)redhat.com> wrote:
> On Mon, 2014-12-08 at 18:40 +0100, Reindl Harald wrote:
> > * vulnerable port open
>
> Yeah, see, this bit right here is the actual issue. Curiously, AV
> software on Other Operating Systems has had the ability to delegate this
> very policy decision to the user session for at least a decade, and yet
> nobody on this thread seems to have any desire to _write code_ to _fix
> the problem_.
>
> Instead we are treated to infinite spew about how nostalgic we are for a
> security model we learned in 1996. Sorry y'all, port-based security
> does not match reality's threat model. Let's be better than that.
>
> - ajax

--
Twitter: http://twitter.com/znmeb
OSJourno: Robust Power Tools for Digital Journalists https://osjourno.com
Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.