On 09.12.2014 at 14:32, Bastien Nocera wrote:
>> On 09.12.2014 at 14:23, Bastien Nocera wrote:
>>> [1]: I haven't seen anything but arm-flailing on that issue. If somebody wants to go into details about what a server running inside the user's session would be able to do that a client wouldn't be able to, feel free.
>>
>> you realize the difference between an open port found by a network scan in a public WLAN by any other client and an active outgoing connection to specific machines? you realize that a security relevant bug in a service available over the network may execute *any code* not intended by the running application at all?
>
> So the solution isn't to close ports, but not run services in contexts where it isn't safe to do so. This is what we implemented

*boah*

* you do not know what is running on an end user's machine
* you do not know, when something is running, why it is
* you can not guarantee that just by a bug something won't run
* you can guarantee *nothing at all*

the only thing you can know is the default setup you ship

if you think your responsibility ends with what you ship as defaults then you can't pretend you create an operating system at all

call it an appliance and anything the user does with or without understanding the possible impact is unsupported
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct