On Sat, December 17, 2005 3:31 pm, Jeff Spaleta said: > On 12/17/05, Callum Lerwick <seg@xxxxxxxxxx> wrote: >> They deliberately decide to poke holes in their firewall by running a >> UPNP enabled application. > > And when the user doesn't know its upnp enabled application? Or when > the application is malicious and misrepresents what its suppose to be > doing and does upnp operations withuot clear consent from the user? Well what if the program does "rm -rf ~/*" without clear consent from the user? At some point you either trust your application or you don't. The fallback here is that currently only root can alter the iptable firewall rules on the local machine, so even if a malicious program does use UPnP no packets will arrive at the local machine because they will be filtered by the local firewall. But the point has to be made again, nothing we're talking about here changes the situation of malicious code. _Today_ as Fedora exists out of the box, a malicious program can enable UPnP on a router that has it enabled. All we're talking about is using that facility as it was meant to be used, by _trusted_ application like the bit torrent client supplied with the distribution. Sean -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
