"Workstation" Product defaults to wide-open firewall
h.reindl at thelounge.net
Tue Dec 9 13:43:06 UTC 2014
On 09.12.2014 at 14:32, Bastien Nocera wrote:
>> On 09.12.2014 at 14:23, Bastien Nocera wrote:
>>> : I haven't seen anything but arm-flailing on that issue. If somebody wants to
>>> go into details about what a server running inside the user's session would
>>> be able to do that a client wouldn't be able to, feel free.
>> you realize the difference between an open port found by a network scan
>> in a public WLAN by any other client and an active outgoing connection to
>> specific machines?
>> you realize that a security-relevant bug in a service available over the
>> network may execute *any code* not intended by the running application
>> at all?
> So the solution isn't to close ports, but not run services in contexts where
> it isn't safe to do so. This is what we implemented
* you do not know what is running on an end user's machine
* you do not know, when something is running, why it is
* you can not guarantee that just by a bug something won't run
* you can guarantee *nothing at all*
the only thing you can know is the default setup you ship
if you think your responsibility ends with what you ship as defaults then
you can't pretend you create an operating system at all
call it an appliance and anything the user does with or without
understanding the possible impact is unsupported