"Workstation" Product defaults to wide-open firewall

Bastien Nocera bnocera at redhat.com
Tue Dec 9 11:00:05 UTC 2014



----- Original Message -----
> As one who maintains a remix for journalists, I expect the default for
> a workstation should be that you must explicitly know what you are
> doing to open a port, and enable or start a service - the default
> release should have a minimum attack surface by design.

You could disable networking in that case...

> As a result of
> this discussion I plan to modify my remix so that is the case - ports
> open by default in Fedora 21 Workstation will be closed in OSJourno.

How do you plan on supporting your users that will want to share media,
or services from their desktops/laptops?

> I'm on the fence over the ports below 1024, but I suspect those should
> be closed as well.

Most ports below 1024 are already closed in Fedora Workstation, so there
wouldn't be any changes there, which makes me think you didn't get the
information about which ports are opened first-hand. You might want to
read the original thread, and the accompanying spreadsheet:
http://article.gmane.org/gmane.linux.redhat.fedora.desktop/9883/

Cheers

> On Mon, Dec 8, 2014 at 10:41 AM, Adam Jackson <ajax at redhat.com> wrote:
> > On Mon, 2014-12-08 at 18:40 +0100, Reindl Harald wrote:
> >
> >> * vulnerable port open
> >
> > Yeah, see, this bit right here is the actual issue.  Curiously, AV
> > software on Other Operating Systems has had the ability to delegate this
> > very policy decision to the user session for at least a decade, and yet
> > nobody on this thread seems to have any desire to _write code_ to _fix
> > the problem_.
> >
> > Instead we are treated to infinite spew about how nostalgic we are for a
> > security model we learned in 1996.  Sorry y'all, port-based security
> > does not match reality's threat model.  Let's be better than that.
> >
> > - ajax
> >
> > --
> > devel mailing list
> > devel at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/devel
> > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> 
> 
> 
> --
> Twitter: http://twitter.com/znmeb; OSJourno: Robust Power Tools for
> Digital Journalists https://osjourno.com
> 
> Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.