Michael Cronenworth wrote:
Ahmed Kamal on 07/23/2009 04:54 PM wrote:
Exactly the point, the user shares his desktop, or starts some service
using the services GUI, and FireKit should offer to help. Moreover, this
actually would improve desktop security, since without FireKit, a
typical user after wasting half an hour, would understand it was the
firewall blocking him, and would simply disable it for good. This
happens on any OS. However, with FireKit, pro-actively offering to help
the user, and requesting by default a limited time-window for opening
the ports, actually ensures a better desktop security
The user should simply be prompted:
"Do you want "Vino Remote Desktop" to be allowed network access?"
(Yes or No)
I have to ask... when are we going to see Linux allow network access
based on the checksum of the process that wants to use it? After all,
'doze has had this ability for years. (Maybe SELinux can provide this
already?)
Having said that, something like FireKit is obviously a step in the
right direction. I presume in addition to <time> there will be options
to open a port 'forever', 'until reboot', 'until the process using the
port goes away'.
Also, "Do you want <app> to be allowed to accept connections from the
network?" :-) ...outbound access != inbound access.
--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
"What is a release plan, anyway?" -- Oswald Buddenhagen
...who I'm sure did not mean it seriously ;-)
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
