"Workstation" Product defaults to wide-open firewall
bnocera at redhat.com
Tue Dec 9 13:32:11 UTC 2014
----- Original Message -----
> Am 09.12.2014 um 14:23 schrieb Bastien Nocera:
> > : I haven't seen anything but arm-flailing on that issue. If somebody
> > wants to
> > go into details about what a server running inside the user's session would
> > be
> > able to do that a client wouldn't be able to, feel free.
> you realize the difference between a open port found by a network scan
> in a public WLAN by any other client and a active outgoing connection to
> specific machines?
> you realize that a security relevant bug in a service available over the
> network may execute *any code* not intented by the running application
> at all?
So the solution isn't to close ports, but not run services in contexts where
it isn't safe to do so. This is what we implemented.
More information about the devel