"Workstation" Product defaults to wide-open firewall
Bastien Nocera
bnocera at redhat.com
Mon Dec 8 12:56:28 UTC 2014
----- Original Message -----
>
> Am 08.12.2014 um 13:39 schrieb Bastien Nocera:
> >> Well, it's in your hands now, and every application developer's hands,
> >> if RH is going to be turning the default firewall off.
> >
> > Not Red Hat, Fedora. And it's not off by default either. It's disabled
> > for user applications, not root ones
>
> and that is a problem
>
> "user applications" can be any bad code executed by the user start
> listening on the WAN - guess what is more likely
>
> * get a rootkit opening privileged ports
> * execute code by a careless user
>
> mircosoft has learned their lessons after WinXP SP2 and Fedora goes the
> opposite direction which is very sad
Rootkit won't require opened *server* ports. It will contact a command server
through a client port, which requires no special privileges. If you blocked
the firewall for user applications, you just made the system a pain to use for
no security benefits.
More information about the devel
mailing list