an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Miloslav Trmač mitr at volny.cz
Mon Apr 28 17:27:34 UTC 2014


2014-04-28 19:13 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>:

> Am 28.04.2014 19:04, schrieb Miloslav Trmač:
> > 2014-04-28 18:59 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>:
> >
> >     Am 28.04.2014 18:52, schrieb Miloslav Trmač:
> >     > No no no no no.  If you want a firewall "integrated" /that/ way, you are really
> >     > better off uninstalling it or opening it up; it serves no purpose.
> >
> >     no, even if that way is completely wrong it's better than no firewall
> >     as i have explained multiple times there may run software not from
> >     the Fedora repos which opens ports unintentionally from the user's
> >     point of view and especially a user with no network experience
> >     will not realize that - and yes that software matters because
> >     we are talking about an *operating system*
> >
> > Well if the users' expectations were that the firewall doesn't "interfere"
> > with Fedora applications, why would they expect it to "interfere" with
> > non-Fedora applications?
>
> do i really need to explain that?
>
> you can make signed fedora packages trusted and allow them
> at install or first start to interact with firewalld
>
I can't; ptrace() doesn't make such a distinction.

> > And doesn't every malware know to make an _outgoing_ connection to an IRC
> > server nowadays?
> > Stopping malware by blocking incoming connections is fairly illusory IMHO
>
> i find it pervert that such basics need to be discussed
>
> * you can't reach 100% security, never, in no way
>

Still, the combined measures need to mitigate at least, say, 75% of cases,
otherwise we're not really having enough impact.
   Mirek