On Sat, December 17, 2005 7:22 am, Michael A. Peters said:

> I would NOT want that.
> I've got that turned off on my Linksys - I don't want any ports at all
> open for forwarding that I haven't specifically opened for forwarding.
>
> Last thing I want is someone at my house running some program that opens
> up port forwarding on my router.

Well of course that's your decision to make, but we shouldn't force that decision on everyone.

> That has to be done as root, so it has to either be in Anaconda - or in
> a system-config tool. I personally vote for the latter, I think Anaconda
> is too complicated as it is. OS X (at least 10.1 - haven't installed
> anything later) has a sweet and simple installer. But anyway, that's
> just my opinion. Linus Torvalds will probably tear me a new one for
> wanting an installer targeted at dumb users ;)

Well it can be handed off to a "root" process via dbus which imposes all the necessary security. We don't want to make this an install time option, especially for peer services like BT. You don't want a static firewall rule for a process that is only running occasionally. No, what you want is an appropriate firewall rule set only for the time that BT is actually running. Anything else is a security risk in itself.

> The problem with that is that root is required.
> I know some Windows firewalls do that - but only if you are running as
> admin.

This is a pretty easily solved technical hurdle. A user/application combo that has been given permission to open ports could pass the request off to a thread/process with enough permission to handle the task without a problem. dbus seems like a natural fit for this. I would argue that something along this line is the only way to avoid the security risk of a static firewall rule for an application that only runs intermittently.

Sean
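Added example, not part of the original message or of any Fedora tool: a sketch of the privileged side of the hand-off discussed above, where a rule is granted only to an authorised user/application combo and removed once the owning process is gone. `PortBroker`, `POLICY`, the executable path and the PID-polling cleanup are assumptions; the bus transport is omitted, the caller identity is assumed to be supplied by the bus, and the `iptables` commands are only built, not executed.

```python
import os
from dataclasses import dataclass, field

# Constructed policy: (uid, executable path) -> TCP ports that combo may open.
POLICY = {(1000, "/usr/bin/bittorrent"): range(6881, 6890)}

@dataclass
class PortBroker:
    """Privileged helper. uid/exe/pid are assumed to come from the message
    bus's view of the caller, never from the request body itself."""
    policy: dict
    leases: dict = field(default_factory=dict)   # (pid, port) -> argv that removes the rule
    applied: list = field(default_factory=list)  # argv lists a real helper would execute

    def _rule(self, action, port):
        return ["iptables", action, "INPUT", "-p", "tcp", "--dport", str(port), "-j", "ACCEPT"]

    def open_port(self, uid, exe, pid, port):
        allowed = self.policy.get((uid, exe))
        if allowed is None or port not in allowed:
            return False                          # combo not authorised for this port
        if (pid, port) not in self.leases:        # one rule per lease, added once
            self.leases[(pid, port)] = self._rule("-D", port)
            self.applied.append(self._rule("-A", port))
        return True

    def reap(self, alive=None):
        """Remove rules whose owning process has exited; return leases left."""
        alive = alive or pid_alive
        for key in [k for k in self.leases if not alive(k[0])]:
            self.applied.append(self.leases.pop(key))
        return len(self.leases)

def pid_alive(pid):
    # POSIX liveness probe: signal 0 checks existence without sending anything.
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True                               # exists, owned by another user
    return True
```

Polling PIDs is subject to PID reuse; tying each lease to the caller's bus connection and cleaning up on disconnect would avoid that.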