Re: RFE: FireKit

On Thursday 23 July 2009 02:16:10 pm Ahmed Kamal wrote:
> Here's an RFE for FireKit, a firewall desktop "kit". What this does is:
> 1- Exposes a dbus interface for applications to programmatically open/close
> ports

I don't exactly like this. If one application gets compromised, it can now 
open other ports that may be protected. Previously, it would require 
CAP_NET_ADMIN or some other root-possessed capability to make changes. There 
are a lot of important services above 1024 that a normal user could bind to. 
You don't want the system to suddenly open those ports and allow traffic.


> 2- Monitors as new daemons/applications that listen on non-lo interfaces
> are started, checks if iptables is currently blocking them, and if so,
> warns the user that application X is currently blocked by the firewall

This part I like.

-Steve

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
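
The check described in point 2 of the proposal (find listeners on non-lo addresses and report the ones the firewall does not admit), as an added example that is not part of the original message and is not FireKit code. It assumes IPv4 TCP only, a little-endian host, an INPUT policy of DROP, and single-port `--dport` ACCEPT rules; both inputs are constructed samples, and the function names are hypothetical. It only reports and never changes a rule, so it needs no privilege to open ports.

```python
import re
import socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11003 1
   3: 0A00A8C0:C8D5 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11004 1
   4: 0A00A8C0:D431 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 11005 1
"""

# Constructed iptables-save excerpt: INPUT policy DROP plus per-port ACCEPT rules.
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_listeners(proc_text):
    """Return (ip, port, uid) per LISTEN socket (st == 0A); little-endian host assumed."""
    out = []
    for line in proc_text.splitlines()[1:]:
        f = line.split()
        if len(f) < 8 or f[3] != "0A":
            continue
        hex_ip, hex_port = f[1].split(":")
        ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
        out.append((ip, int(hex_port, 16), int(f[7])))
    return out

def allowed_tcp_ports(rules_text):
    """Ports with a single-port tcp ACCEPT rule in INPUT (the only form handled)."""
    pat = re.compile(r"^-A INPUT\b.*-p tcp\b.*--dport (\d+)\b.*-j ACCEPT\b")
    return {int(m.group(1)) for m in map(pat.search, rules_text.splitlines()) if m}

def blocked_listeners(proc_text, rules_text):
    """Non-loopback listeners the rules do not admit. Reports only; opens nothing."""
    allowed = allowed_tcp_ports(rules_text)
    return [
        {"addr": ip, "port": port, "uid": uid, "unprivileged_port": port >= 1024}
        for ip, port, uid in parse_listeners(proc_text)
        if not ip.startswith("127.") and port not in allowed
    ]

if __name__ == "__main__":
    print(blocked_listeners(PROC_NET_TCP, IPTABLES_SAVE))
```

Both reported listeners in the sample sit above port 1024 and are owned by uid 1000, the kind of socket a normal user can bind without any capability.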
