Firewall blocking desktop features
Reindl Harald
h.reindl at thelounge.net
Wed Sep 11 10:07:09 UTC 2013
Am 11.09.2013 12:02, schrieb Nicolas Mailhot:
> Le Mer 11 septembre 2013 11:23, Alec Leamas a écrit :
>> On 2013-09-11 11:11, Heiko Adams wrote:
>>> Am 11.09.2013 10:41, schrieb Ankur Sinha:
>>>> - These software inform and take permission from the user before
>>>> opening
>>>> ports in the firewall.
>>> IMHO it should be the job of the firewall to inform the user about an
>>> application that want's to open one or more ports and ask for permission
>>> to open that ports either temporary for the current session or
>>> permanent.
>>>
>>>
>> Is this a good idea? The firewall just knows aboyt an attempt to use a
>> specific port. It does not know which application which *really* is
>> trying to use that port. It could certainly make an educated guess, but
>> that's just not good enough in this context IMHO.
>>
>> OTOH, the application knows what ports it needs (even some which just
>> might be used later) and can also identify itself to the user. Seems
>> more reasonable to me.
>
> The application can lie and propose to open X and then when user says ok
> open Y. The prompt really needs to be initiated firewall-side
and as long there is no way for the firewall to *predictable* know
what application and display it in the user-request this whole
discusssion is *pointless* from a security point of view and
we *do not* make all the mistakes other OS vendors in the past
in this context
thank you!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130911/f98ef962/attachment.sig>
More information about the devel
mailing list