F21 System Wide Change: Workstation: Disable firewall
Miloslav Trmač
mitr at volny.cz
Thu Apr 17 21:44:58 UTC 2014
Hello,
2014-04-15 16:28 GMT+02:00 Christian Schaller <cschalle at redhat.com>:
> ----- Original Message -----
> > From: "Reindl Harald" <h.reindl at thelounge.net>
> > To: devel at lists.fedoraproject.org
> > Sent: Tuesday, April 15, 2014 11:40:20 AM
> > Subject: Re: F21 System Wide Change: Workstation: Disable firewall
> >
> >
> > Am 15.04.2014 11:32, schrieb drago01:
> > > On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <
> h.reindl at thelounge.net>
> > > wrote:
>
> > allow any random application to open a unprivlieged
> > port which is reachable from outside is dangerous
> >
> We already allow that and have for a long while. Any application bothering
> to support the firewalld dbus interface can open any port
> they wish to.
>
We don't, actually. *Only* applications running in a session of a member
of the wheel group would have that right, and those applications are pretty
much root-equivalent anyway. (Many GNOME users probably use such a setup,
but it's not at all the only one possible.)
The thread discussing this ended up with mostly being a discussion if the
> firewall would be a useful way to help users from accidentally
> oversharing on a public network. Which is important and something we want
> to work on, but a lot less so than security issues.
>
"Oversharing on a public network" *absolutely is a security issue*.
Heartbleed is exactly that, "oversharing" and nothing more!
Mirek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140417/c87f5812/attachment-0001.html>
More information about the devel
mailing list