Firewall blocking desktop features

drago01 drago01 at
Fri Sep 13 09:11:57 UTC 2013

On Fri, Sep 13, 2013 at 10:23 AM, Oron Peled <oron at> wrote:
> On Friday 13 September 2013 01:51:00 drago01 wrote:
>> On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled <oron at> wrote:
>> >    - This means that any privileged service controlled by GUI client (e.g:
>> >      NetworkManager) is still only as secure as it's controller (e.g:
>> >      nm-applet).
>> This is wrong. That's not how "controlling the service" works.
> Care to explain?

Yes. What I meant is nm-applet is not more privileged then any other
application in the session.
The policy says "the active session is allowed to do foo" not
"nm-applet is allowed to do foo".
So you can securing the "controller" wont help you much as long as any
other app from the active
session can be exploited.

More information about the devel mailing list