Re: "Workstation" Product defaults to wide-open firewall


 




----- Original Message -----
> As one who maintains a remix for journalists, I expect the default for
> a workstation should be that you must explicitly know what you are
> doing to open a port, and enable or start a service - the default
> release should have a minimum attack surface by design.

You could disable networking in that case...

> As a result of
> this discussion I plan to modify my remix so that is the case - ports
> open by default in Fedora 21 Workstation will be closed in OSJourno.

How do you plan on supporting your users that will want to share media,
or services from their desktops/laptops?

> I'm on the fence over the ports below 1024, but I suspect those should
> be closed as well.

Most ports below 1024 are already closed in Fedora Workstation, so there
wouldn't be any changes there, which makes me think you didn't get the
information about which ports are opened first-hand. You might want to
read the original thread, and the accompanying spreadsheet:
http://article.gmane.org/gmane.linux.redhat.fedora.desktop/9883/

Cheers

> On Mon, Dec 8, 2014 at 10:41 AM, Adam Jackson <ajax@xxxxxxxxxx> wrote:
> > On Mon, 2014-12-08 at 18:40 +0100, Reindl Harald wrote:
> >
> >> * vulnerable port open
> >
> > Yeah, see, this bit right here is the actual issue.  Curiously, AV
> > software on Other Operating Systems has had the ability to delegate this
> > very policy decision to the user session for at least a decade, and yet
> > nobody on this thread seems to have any desire to _write code_ to _fix
> > the problem_.
> >
> > Instead we are treated to infinite spew about how nostalgic we are for a
> > security model we learned in 1996.  Sorry y'all, port-based security
> > does not match reality's threat model.  Let's be better than that.
> >
> > - ajax
> >
> > --
> > devel mailing list
> > devel@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/devel
> > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> 
> 
> 
> --
> Twitter: http://twitter.com/znmeb; OSJourno: Robust Power Tools for
> Digital Journalists https://osjourno.com
> 
> Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.




