On Mon, 2010-12-06 at 18:07 -0800, Jesse Keating wrote: > On 12/06/2010 06:04 PM, Adam Williamson wrote: > > On Mon, 2010-12-06 at 19:05 +0000, Daniel P. Berrange wrote: > > > >> The other benefit would be if the user only intended the > >> service to be accessible to localhost, or a UNIX domain > >> socket but for some reason screwed up their service's > >> config & opened it to the world. > > > > I use it as a safety net for much this reason. I am not comfortable with > > 100% guaranteeing that 'helpful' services we install by default like > > Avahi are not doing things I really wouldn't want them to do when I > > connect to some open wifi network. > > I think this is where the zones work that was talked about will come in > handy. If you connect to a new unknown network, default to firewalled > until the user "trusts" the zone. But if you trust the zone, trust it, > don't get in the way. yep, indeed. though, of course, implementation can be a pain. Windows implements something like this, and half the vulnerability announcements I see seem to be for things that manage to violate this model by appearing to be from the trusted zone when they're not. (IE used to have a similar system, which they never managed to get right, so I think they've either removed it or they just default to every zone being equally untrusted now). -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel