"Workstation" Product defaults to wide-open firewall

Bastien Nocera bnocera at redhat.com
Tue Dec 9 13:32:11 UTC 2014

----- Original Message -----
> Am 09.12.2014 um 14:23 schrieb Bastien Nocera:
> > [1]: I haven't seen anything but arm-flailing on that issue. If somebody
> > wants to
> > go into details about what a server running inside the user's session would
> > be
> > able to do that a client wouldn't be able to, feel free.
> you realize the difference between a open port found by a network scan
> in a public WLAN by any other client and a active outgoing connection to
> specific machines?
> you realize that a security relevant bug in a service available over the
> network may execute *any code* not intented by the running application
> at all?

So the solution isn't to close ports, but not run services in contexts where
it isn't safe to do so. This is what we implemented.

More information about the devel mailing list