firewalld this doesn't seem right....
Ed Greshko
Ed.Greshko at greshko.com
Mon Oct 1 23:34:29 UTC 2012
On 10/01/2012 10:04 PM, Stephen John Smoogen wrote:
> On 30 September 2012 23:09, Ed Greshko <Ed.Greshko at greshko.com> wrote:
>> I just started playing around with firewalld and I found something that doesn't seem right to me.
>>
>> If any user starts firewall-applet and then selects "Block all network traffic" it will do as asked without any prompt for root's password or any other authentication.
>>
>> This seems crazy to me.
> Does the opposite work? Can the person turn off the firewall?
>
I imagine that the on/off setting is what is labeled "Shields UP". Not sure of their jargon. But, here is the "strange" thing.
When the applet is started the "Shields UP" is unchecked. But, for sure the firewall is running.
If you check the box, you get an authentication dialog. If you hit "cancel" I would expect the box to remain unchecked. However, it switches to being checked....even though nothing is done.
Checking the box and providing the root password results in a error message (iptables: Invalid argument) in the terminal where the applet was started as well as an selinux AVC denial.
Uggh...
--
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -- Rick Cook, The Wizardry Compiled
More information about the test
mailing list