Am 11.09.2013 12:02, schrieb Nicolas Mailhot: > Le Mer 11 septembre 2013 11:23, Alec Leamas a écrit : >> On 2013-09-11 11:11, Heiko Adams wrote: >>> Am 11.09.2013 10:41, schrieb Ankur Sinha: >>>> - These software inform and take permission from the user before >>>> opening >>>> ports in the firewall. >>> IMHO it should be the job of the firewall to inform the user about an >>> application that want's to open one or more ports and ask for permission >>> to open that ports either temporary for the current session or >>> permanent. >>> >>> >> Is this a good idea? The firewall just knows aboyt an attempt to use a >> specific port. It does not know which application which *really* is >> trying to use that port. It could certainly make an educated guess, but >> that's just not good enough in this context IMHO. >> >> OTOH, the application knows what ports it needs (even some which just >> might be used later) and can also identify itself to the user. Seems >> more reasonable to me. > > The application can lie and propose to open X and then when user says ok > open Y. The prompt really needs to be initiated firewall-side and as long there is no way for the firewall to *predictable* know what application and display it in the user-request this whole discusssion is *pointless* from a security point of view and we *do not* make all the mistakes other OS vendors in the past in this context thank you!
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
