Firewall blocking desktop features
Reindl Harald
h.reindl at thelounge.net
Thu Sep 12 06:32:01 UTC 2013
Am 12.09.2013 08:25, schrieb Pierre-Yves Chibon:
>> Application should request the ports to be opened and the firewalld
>> layer should then confirm with the user stating which ports and
>> which app requested said ports. The app can't lie if the firewall
>> layer is the one asking for confirmation.
>
> But a malicious app can pretend to be another one, unless there is a way for the
> firewall to know which app is asking in a way that cannot be forged
the problem is that people refuse to understand security implications
until it is too late and in context of a firewall this is fatal
proven by 80 out of 100 alerts on securityfocus for *any* sort of software
and before someone comes out with "but konqueror is from a package"
well, and you be 100% sure that you not treat /usr/local/bin/ or
~/bin/konqueror the same trusted way and how do you make it sure?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130912/2983be32/attachment.sig>
More information about the devel
mailing list