David Zeuthen wrote: > On Mon, 2008-10-27 at 15:51 -0400, seth vidal wrote: >> We have a number of applications that end of listening on random ports. >> At which point the system is vulnerable (or sometimes just the user) is >> vulnerable to whatever those daemons are vulnerable to. > > The solution here would be to confine these daemons with SELinux >> If the process needs to be able to listen on an external port then that >> needs to be enabled separately. You don't just turn off all the rules as >> a solution. > > However, I'd argue that people end up doing this anyway. Yes, and I suspect a large percentage of the people who are turning off the firewall because it keeps them from getting work done are also turning off SELinux because it keeps them from getting work done. So... -- Dan -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
