Re: [RFC] Allowing non-root to get iptables info?

On Wed, Feb 27, 2008 at 03:51:20PM +0100, Patrick McHardy wrote:
> Well, yes, the main question is whether this causes privacy issues.
> "Security by obscurity" is a pretty poor argument, does anyone have
> a well founded reason for not allowing users to see the rules and
> counters?

I really don't think this is a good idea.  We allow non-root users
on some of our firewalls, and I don't want them to see the ruleset.
Also, it helps miscreants to better pick their targets, if they
know in advance which ports are opened.

If making this change, *please* consider making it configurable,
with the default being NO access.

Phil