Re: Firewall


 



On Mon, 2010-12-06 at 18:07 -0800, Jesse Keating wrote:
> On 12/06/2010 06:04 PM, Adam Williamson wrote:
> > On Mon, 2010-12-06 at 19:05 +0000, Daniel P. Berrange wrote:
> > 
> >> The other benefit would be if the user only intended the
> >> service to be accessible to localhost, or a UNIX domain
> >> socket but for some reason screwed up their service's
> >> config & opened it to the world.
> > 
> > I use it as a safety net for much this reason. I am not comfortable with
> > 100% guaranteeing that 'helpful' services we install by default like
> > Avahi are not doing things I really wouldn't want them to do when I
> > connect to some open wifi network.
> 
> I think this is where the zones work that was talked about will come in
> handy.  If you connect to a new unknown network, default to firewalled
> until the user "trusts" the zone.  But if you trust the zone, trust it,
> don't get in the way.

yep, indeed. though, of course, implementation can be a pain. Windows
implements something like this, and half the vulnerability announcements
I see seem to be for things that manage to violate this model by
appearing to be from the trusted zone when they're not. (IE used to have
a similar system, which they never managed to get right, so I think
they've either removed it or they just default to every zone being
equally untrusted now).
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
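
Added example, not part of the original message: a small audit for the case quoted above, where a service meant for localhost ends up listening on every interface. It parses `ss -H -tuln` output and reports listeners that are not bound to loopback; the sample lines are constructed, and the function names are this example's own.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511                *:8080             *:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
udp   UNCONN 0      0    [fe80::1]%wlan0:546           [::]:*
"""


def split_local(field):
    """Split ss's 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.split("%", 1)[0]   # drop an interface scope such as %lo or %wlan0
    return host.strip("[]"), port  # drop IPv6 brackets


def exposed_listeners(ss_output):
    """Return (proto, host, port, scope) for every listener not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue  # blank or malformed line
        host, port = split_local(cols[4])
        if host == "*":
            scope = "all interfaces"  # dual-stack wildcard bind
        else:
            addr = ipaddress.ip_address(host)
            if addr.is_loopback:
                continue  # reachable only from the local machine
            scope = "all interfaces" if addr.is_unspecified else "non-loopback address"
        findings.append((cols[0], host, int(port), scope))
    return findings


if __name__ == "__main__":
    # On a live system, feed in the output of: ss -H -tuln
    for proto, host, port, scope in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto:4} {host}:{port}  bound to {scope}")
```

Anything this reports is reachable from the network unless a firewall rule blocks it, which is the safety-net role described in the thread.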

