"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Mon Dec 8 16:27:45 UTC 2014



On 08.12.2014 at 17:20, Bastien Nocera wrote:
>> On 08.12.2014 at 17:10, Bastien Nocera wrote:
>>> There's a few more items that will be opened I'm afraid. And one of the reasons
>>> why we block root ports is to avoid regressions like rpcbind listening
>>> by default, which was due to a bug in packaging. So what you call "no firewall"
>>> would actually have prevented the potential security hole
>>
>> * go and read /etc/services above 1024
>> * the days that system services listening < 1024 are gone
>> * you can't guarantee that a similar packaging bug happens
>>     in context of a service assigned by IANA to a high port
>
> There's plenty of pre-existing services under 1024, and there's
> more likely to be bugs in those "old" services

*lol* if you start security decisions with "likely" you have lost

that "old" services are mostly known and audited

for what you opened the door is random crap coded by a schoolboy with no
clue in a random language, placed as download on his homepage with the
instruction "move it to your desktop, make it executable with a right
click in your file browser and just double click on it" not mentioning
the open port at all because it's just a new experimental feature with
draft code implemented because "it's cool"
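
Added example, not part of the original message: a Python audit that lists TCP listeners on unprivileged ports bound to non-loopback addresses, which is the kind of socket the scenario above describes. The sample table is constructed, and the 1024 boundary and the helper names are assumptions of this example; the field layout is that of Linux's `/proc/net/tcp`.

```python
import ipaddress
import os
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11003
   3: 0100007F:C350 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11004
   4: 0F02000A:D431 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 11005
"""

TCP_LISTEN = 0x0A               # socket state code for LISTEN
FIRST_UNPRIVILEGED_PORT = 1024  # assumption: ports below this need privilege to bind


def parse_listeners(text):
    """Return addr/port/uid/inode for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address as a little-endian 32-bit hex word.
        addr = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        listeners.append({"addr": addr, "port": int(hex_port, 16),
                          "uid": int(fields[7]), "inode": int(fields[9])})
    return listeners


def exposed_high_port_listeners(listeners):
    """Listeners on unprivileged ports that other hosts can reach."""
    return [l for l in listeners
            if l["port"] >= FIRST_UNPRIVILEGED_PORT and not l["addr"].is_loopback]


if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for l in exposed_high_port_listeners(parse_listeners(text)):
        print(f"{l['addr']}:{l['port']} uid={l['uid']} inode={l['inode']}")
```

The inode can be matched against `/proc/<pid>/fd` to find the owning process; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.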
