F21 System Wide Change: Workstation: Disable firewall

Miloslav Trmač mitr at volny.cz
Thu Apr 17 21:44:58 UTC 2014


Hello,
2014-04-15 16:28 GMT+02:00 Christian Schaller <cschalle at redhat.com>:

> ----- Original Message -----
> > From: "Reindl Harald" <h.reindl at thelounge.net>
> > To: devel at lists.fedoraproject.org
> > Sent: Tuesday, April 15, 2014 11:40:20 AM
> > Subject: Re: F21 System Wide Change: Workstation: Disable firewall
> >
> >
> > Am 15.04.2014 11:32, schrieb drago01:
> > > On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
> > allow any random application to open an unprivileged
> > port which is reachable from outside is dangerous
> >
> We already allow that and have for a long while. Any application bothering
> to support the firewalld dbus interface can open any port
> they wish to.
>

We don't, actually.  *Only* applications running in a session of a member
of the wheel group would have that right, and those applications are pretty
much root-equivalent anyway.  (Many GNOME users probably use such a setup,
but it's not at all the only one possible.)

> The thread discussing this ended up with mostly being a discussion if the
> firewall would be a useful way to help users from accidentally
> oversharing on a public network. Which is important and something we want
> to work on, but a lot less so than security issues.
>

"Oversharing on a public network" *absolutely is a security issue*.
Heartbleed is exactly that, "oversharing" and nothing more!
     Mirek