Re: What I HATE about F11

On Sun, 14.06.09 14:01, Bruno Wolff III (bruno@xxxxxxxx) wrote:

> 
> On Sun, Jun 14, 2009 at 20:08:31 +0200,
>   Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
> > 
> > enabled by default, like we currently do. If an application cannot be
> > trusted then it should not be allowed to listen on a port by default
> > in the first place. A firewall is an extra layer of security that
> > simply hides the actual problem.
> 
> The point of the firewall is to block connections to services that are
> only supposed to be connected from trusted locations. This may be things
> you are testing, don't intend to be running, don't bind to 127.0.0.1 instead
> of 0.0.0.0, even though they are intended to be accessed from the local
> machine, or services that you only want to accept connections from a white
> list of IP addresses.

Aha!

The currently existing firewall knows nothing about "trusted
locations". Which is precisely what makes it so pointless.

Also, if an application listens on 0.0.0.0 but should actually be
listening on 127.0.0.1 then this is a bug, which is simply taped over
by running a firewall. This really needs to be fixed in the
application.

I mean, maybe it is just me, but I actually think that bugs should be
fixed where they are, and not by taping over them.

Everything that you wrote above simply proves my points...

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
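
The 0.0.0.0-versus-127.0.0.1 binding question argued over in this message can be checked on a host by reading the kernel's socket table. The following is an added example, not part of the original thread: it parses text in /proc/net/tcp format and picks out listeners bound to the wildcard address. The sample table is constructed, the function names are illustrative, and a little-endian (x86) host is assumed.

```python
import socket
import struct

TCP_LISTEN = "0A"  # state code the kernel prints for listening sockets

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001
   1: 00000000:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 11002
   2: 0A01A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11003
   3: 0100007F:0277 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 11004
"""


def decode_ipv4(hex_addr):
    """Turn 'HHHHHHHH:PPPP' into (dotted_ip, port)."""
    ip_hex, port_hex = hex_addr.split(":")
    # Assumption: little-endian host (x86), where the address bytes print reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue
        ip, port = decode_ipv4(fields[1])
        found.append((ip, port, int(fields[7])))
    return found


def wildcard_listeners(table):
    """Listeners bound to 0.0.0.0, i.e. reachable on every interface."""
    return [entry for entry in listeners(table) if entry[0] == "0.0.0.0"]


if __name__ == "__main__":
    # On a live system, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for ip, port, uid in listeners(SAMPLE):
        scope = "all interfaces" if ip == "0.0.0.0" else "one address"
        print(f"{ip}:{port} uid={uid} ({scope})")
```

IPv6 listeners are reported separately in /proc/net/tcp6 and are not covered by this sketch.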
