Hello,
2014-04-15 16:28 GMT+02:00 Christian Schaller <cscha...@redhat.com>:
> ----- Original Message -----
> > From: "Reindl Harald" <h.rei...@thelounge.net>
> > To: devel@lists.fedoraproject.org
> > Sent: Tuesday, April 15, 2014 11:40:20 AM
> > Subject: Re: F21 System Wide Change: Workstation: Disable firewall
> >
> >
> > Am 15.04.2014 11:32, schrieb drago01:
> > > On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <
> h.rei...@thelounge.net>
> > > wrote:
>
> > allow any random application to open a unprivlieged
> > port which is reachable from outside is dangerous
> >
> We already allow that and have for a long while. Any application bothering
> to support the firewalld dbus interface can open any port
> they wish to.
>
We don't, actually. *Only* applications running in a session of a member
of the wheel group would have that right, and those applications are pretty
much root-equivalent anyway. (Many GNOME users probably use such a setup,
but it's not at all the only one possible.)
The thread discussing this ended up with mostly being a discussion if the
> firewall would be a useful way to help users from accidentally
> oversharing on a public network. Which is important and something we want
> to work on, but a lot less so than security issues.
>
"Oversharing on a public network" *absolutely is a security issue*.
Heartbleed is exactly that, "oversharing" and nothing more!
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
