Firewall blocking desktop features
Ralf Corsepius
rc040203 at freenet.de
Wed Sep 11 13:20:41 UTC 2013
On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/11/2013 06:35 AM, Heiko Adams wrote:
>> Am 11.09.2013 12:30, schrieb Alec Leamas:
>>>
>>> That said, I see your point. Seems to boil down to that only the
>>> application knows which port(s) to open and why, whereas only the
>>> firewall can guarantee that it actually opens the ports requested by
>>> user instead of something else.
>>>
>> So the application needs to ask the firewall to open one or more ports and
>> the firewall has to ask the user for permission to do so. In this szenario
>> the firewall knows what application wants which port(s) to be open. Letting
>> the application directly ask for permission to punch holes in the firewall
>> is IMHO the worst case of all and a securiry nightmare.
>>
>>
>>
>
> Asking my wife if she intends to open port 2345 is a waste of time. She has
> no idea whether or not this is required. And will quickly learn to answer ok.
>
> Asking her "Do you want to make security changes to share directory
> /home/phyllis/Share?" Or
>
> Do you want to make security changes to share Printer XYZ?
>
> Would make sense.
My marriage would be facing serious troubles, if my wife opens any port
on our shared machines ;)
Seriously, I think you guys are forgetting Linux isn't a
Single-User-Single-Seat OSes.
Ralf
More information about the devel
mailing list