On Sat, 2005-12-17 at 16:04 -0500, Sean wrote: > It's a low risk feature that adds signficant ease of use for the user. > You haven't shown at all how it could be exploited. If I knew how it could, I would have alerted upstream and vendors to get a CVE assigned and a fix coordinated. Unfortunately not all folks who discover flaws act in this way. With a port forward, any traffic at all can be pushed to the client. Who knows what kind of overflows or whatnot may be in the client software, that could lead to something which the client has rights to do, such as 'remove your temp files, which are ~/*'. My point is that forwarding ports is a risk. Sure it could just wipe your user files, but maybe it could do more. I don't know, I am not a security expert. Forwarded ports are much different than established/related packets. Unassociated traffic can come in at will. This kind of risk needs to be something a USER assumes, not a distribution. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
