Firewall blocking desktop features

drago01 drago01 at gmail.com
Fri Sep 13 09:11:57 UTC 2013


On Fri, Sep 13, 2013 at 10:23 AM, Oron Peled <oron at actcom.co.il> wrote:
>
> On Friday 13 September 2013 01:51:00 drago01 wrote:
>> On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled <oron at actcom.co.il> wrote:
>> >    - This means that any privileged service controlled by GUI client (e.g:
>> >      NetworkManager) is still only as secure as it's controller (e.g:
>> >      nm-applet).
>> This is wrong. That's not how "controlling the service" works.
>
> Care to explain?

Yes. What I meant is nm-applet is not more privileged then any other
application in the session.
The policy says "the active session is allowed to do foo" not
"nm-applet is allowed to do foo".
So you can securing the "controller" wont help you much as long as any
other app from the active
session can be exploited.


More information about the devel mailing list