Re: F21 System Wide Change: Workstation: Disable firewall

2014-04-15 18:13 GMT+02:00 Andrew Lutomirski <luto@xxxxxxx>:
> > Example: user installs software X... but oops, they didn't realize it
> > was going to listen on port Y.... but that's okay, because no firewall
> > rule has been enabled to allow traffic on port Y, so the user is
> > secure.
>
> This sounds like a problem that should be separately fixed.

Well, yes, but then we really need to be 100% sure we have fixed it.  See also your own report that installing gnome-boxes pulls in running services with open ports.
 
> With firewalls, a service, system or otherwise, can be in one of three
> states: a) listening w/ firewall open, b) listening w/ firewall
> closed, c) and not listening.
d) not listening, actively opening connections to the outside, and sending users' private data over there, or receiving commands from there to send arbitrary data.

Just so we are clear on the relative threat levels, malicious applications (if you are lucky, "only collecting data for the purpose of advertising") are so frequent nowadays that they are the primary threat of unwanted network communication, perhaps comparable only to automated ssh password guessing bots.  Linux has so far been "lucky" in not having enough third-party applications for this to be a threat yet, but Workstation intends that to change.  (And no, a firewall won't help you at all for d) ).

> I keep thinking that, if I had unlimited time, I'd write a totally
> different kind of firewall.  It would allow some policy (userspace
> daemon or rules loaded into the kernel) to determine when programs can
> listen on what sockets and when connections can be accepted on those
> sockets.

Similarly, ports (what I assume you mean) are getting less and less important nowadays.  So much happens multiplexed over HTTP, and there are various "zero-config" browsing/advertising mechanisms that don't require use of fixed ports, only the privilege to advertise a port through the browsing mechanism.
 
> Wouldn't it be great if, when you start some program that wants to
> listen globally, your system could prompt you and ask whether it was
> okay, even if that program didn't know about firewalld?

In general (assuming "unknown software" and not just 3 specific services that can be individually handled in control-center, or software specifically adjusted by Fedora to know about firewalld), no.  I have no idea what the program is going to send over that connection, so I don't know how to answer, and the program can send the same data through an outgoing connection without ever interacting with the restricted listening functionality; I simply must trust the author of that program—or prevent the program from accessing my data at all, and then the answer doesn't matter.
    Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
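
The service states discussed in the message above, (a), (b) and the added case (d), can be audited from the kernel's socket table. The following is an added example, not code from the thread or from Fedora: it parses text in `/proc/net/tcp` layout and labels each socket. It assumes a little-endian host, IPv4 only, and an `open_ports` set supplied by the caller from the firewall's configuration; the sample rows are constructed.

```python
import ipaddress
import struct

TCP_ESTABLISHED, TCP_LISTEN = 0x01, 0x0A

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Addresses are hex in little-endian host order, ports are hex.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333 1
   3: 0A00A8C0:D431 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""


def parse(text):
    """Return (state, local_ip, local_port, uid) for each socket row."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the column header
        f = line.split()
        if len(f) < 8:
            continue
        hex_ip, hex_port = f[1].split(":")
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        rows.append((int(f[3], 16), ip, int(hex_port, 16), int(f[7])))
    return rows


def classify(text, open_ports):
    """Map local port -> (ip, uid, state letter used in the thread)."""
    rows = parse(text)
    listening = {port for st, _, port, _ in rows if st == TCP_LISTEN}
    report = {}
    for st, ip, port, uid in rows:
        if st == TCP_LISTEN:
            if ip.is_loopback:
                state = "loopback-only"  # not reachable from other hosts
            else:
                state = "a" if port in open_ports else "b"
        elif st == TCP_ESTABLISHED and port not in listening:
            state = "d"  # heuristic: locally initiated, inbound rules never apply
        else:
            continue
        report[port] = (str(ip), uid, state)
    return report


if __name__ == "__main__":
    for port, info in sorted(classify(SAMPLE, open_ports={22}).items()):
        print(port, *info)
```

On a live system the same functions can be fed the contents of `/proc/net/tcp`; a service in state (c) simply has no row.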
