On 10/01/2012 10:04 PM, Stephen John Smoogen wrote:
On 30 September 2012 23:09, Ed Greshko <Ed.Greshko(a)greshko.com>
wrote:
> I just started playing around with firewalld and I found something that doesn't
seem right to me.
>
> If any user starts firewall-applet and then selects "Block all network
traffic" it will do as asked without any prompt for root's password or any other
authentication.
>
> This seems crazy to me.
Does the opposite work? Can the person turn off the firewall?
I imagine that the on/off setting is what is labeled "Shields UP". Not sure of
their jargon. But, here is the "strange" thing.
When the applet is started the "Shields UP" is unchecked. But, for sure the
firewall is running.
If you check the box, you get an authentication dialog. If you hit "cancel" I
would expect the box to remain unchecked. However, it switches to being checked....even
though nothing is done.
Checking the box and providing the root password results in a error message (iptables:
Invalid argument) in the terminal where the applet was started as well as an selinux AVC
denial.
Uggh...
--
Programming today is a race between software engineers striving to build bigger and better
idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far,
the Universe is winning. -- Rick Cook, The Wizardry Compiled