----- Original Message ----- > > Am 08.12.2014 um 13:39 schrieb Bastien Nocera: > >> Well, it's in your hands now, and every application developer's hands, > >> if RH is going to be turning the default firewall off. > > > > Not Red Hat, Fedora. And it's not off by default either. It's disabled > > for user applications, not root ones > > and that is a problem > > "user applications" can be any bad code executed by the user start > listening on the WAN - guess what is more likely > > * get a rootkit opening privileged ports > * execute code by a careless user > > mircosoft has learned their lessons after WinXP SP2 and Fedora goes the > opposite direction which is very sad
Rootkit won't require opened *server* ports. It will contact a command server through a client port, which requires no special privileges. If you blocked the firewall for user applications, you just made the system a pain to use for no security benefits. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
