Re: Firewall blocking desktop features

2013-09-18 Thread Peter Oliver
On Wed, 11 Sep 2013, Thomas Woerner wrote: On 09/10/2013 10:07 PM, Peter Oliver wrote: Now, if you're running a server and you install, say, Apache, I think you expect to have to go and poke at the firewall config, but these seem to be very desktop-focused features, and the UI provides no clue

Re: Firewall blocking desktop features

2013-09-13 Thread Dan Williams
On Fri, 2013-09-13 at 11:23 +0300, Oron Peled wrote: > On Friday 13 September 2013 01:51:00 drago01 wrote: > > On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled wrote: > > >- This means that any privileged service controlled by GUI client (e.g: > > > NetworkManager) is still only as secure as i

Re: Firewall blocking desktop features

2013-09-13 Thread drago01
On Fri, Sep 13, 2013 at 10:23 AM, Oron Peled wrote: > > On Friday 13 September 2013 01:51:00 drago01 wrote: >> On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled wrote: >> >- This means that any privileged service controlled by GUI client (e.g: >> > NetworkManager) is still only as secure as it

Re: Firewall blocking desktop features

2013-09-13 Thread Oron Peled
On Friday 13 September 2013 01:51:00 drago01 wrote: > On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled wrote: > >- This means that any privileged service controlled by GUI client (e.g: > > NetworkManager) is still only as secure as its controller (e.g: > > nm-applet). > This is wrong. T

Re: Firewall blocking desktop features

2013-09-12 Thread drago01
On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled wrote: >- This means that any privileged service controlled by GUI client (e.g: > NetworkManager) is still only as secure as its controller (e.g: > nm-applet). This is wrong. That's not how "controlling the service" works. -- devel mailing

Re: Firewall blocking desktop features

2013-09-12 Thread Oron Peled
On Thursday 12 September 2013 09:23:13 Colin Walters wrote: > On Thu, 2013-09-12 at 10:01 +0300, Oron Peled wrote: > > * From pid you can find the real executable (/proc/pid/cmd). > > And this is the step that's worthless: > > https://bugzilla.gnome.org/show_bug.cgi?id=533493 Thanks, that was

Re: Firewall blocking desktop features

2013-09-12 Thread Reindl Harald
On 12.09.2013 08:25, Pierre-Yves Chibon wrote: >> Application should request the ports to be opened and the firewalld >> layer should then confirm with the user stating which ports and >> which app requested said ports. The app can't lie if the firewall >> layer is the one asking for confirmati

Re: Firewall blocking desktop features

2013-09-12 Thread Reindl Harald
On 11.09.2013 23:18, Mateusz Marzantowicz wrote: > On 11.09.2013 17:24, Daniel J Walsh wrote: >> On 09/11/2013 09:18 AM, Reindl Harald wrote: The problem with this solution is potential conflicts in port numbers and apps that just use random ports (Which I think should just not be allo

Re: Firewall blocking desktop features

2013-09-12 Thread Colin Walters
On Thu, 2013-09-12 at 10:01 +0300, Oron Peled wrote: > * From pid you can find the real executable (/proc/pid/cmd). And this is the step that's worthless: https://bugzilla.gnome.org/show_bug.cgi?id=533493

Re: Firewall blocking desktop features

2013-09-12 Thread Oron Peled
On Thursday 12 September 2013 08:25:21 Pierre-Yves Chibon wrote: > > Application should request the ports to be opened and the firewalld > > layer should then confirm with the user stating which ports and > > which app requested said ports. The app can't lie if the firewall > > layer is the one a

Re: Firewall blocking desktop features

2013-09-11 Thread Pierre-Yves Chibon
> Application should request the ports to be opened and the firewalld > layer should then confirm with the user stating which ports and > which app requested said ports. The app can't lie if the firewall > layer is the one asking for confirmation. But a malicious app can pretend to be another one
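The two points argued above, Oron Peled's "from pid you can find the real executable" versus Colin Walters' reply that this step is worthless, and Pierre-Yves Chibon's "a malicious app can pretend to be another one", can be checked concretely on any Linux machine. The script below is an added example written for this page; it is not code from the thread, from firewalld or from any of the desktop components discussed. It starts a child process whose argv[0] claims to be /usr/bin/nm-applet (a hypothetical path used only for the demonstration; the binary actually executed is the running Python interpreter) and then compares what /proc/<pid>/cmdline says about that process with what the kernel-maintained /proc/<pid>/exe symlink says.

```python
import os
import subprocess
import sys


def spawn_impostor(claimed_name="/usr/bin/nm-applet"):
    """Start a helper whose argv[0] claims to be `claimed_name`.

    `claimed_name` is a constructed, hypothetical path used only for this
    demonstration.  The image that is really exec'd is this Python
    interpreter; the child just sleeps so we can inspect it.
    """
    return subprocess.Popen(
        [claimed_name, "-c", "import time; time.sleep(30)"],
        executable=sys.executable,
    )


def claimed_executable(pid):
    """What the process *says* it is: argv[0] as seen in /proc/<pid>/cmdline.

    cmdline is entirely under the control of whoever called exec(), so it
    is exactly the field a malicious app would forge.
    """
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        argv = f.read().split(b"\0")
    return argv[0].decode(errors="replace")


def real_executable(pid):
    """What the kernel recorded at exec time: the target of /proc/<pid>/exe."""
    return os.readlink(f"/proc/{pid}/exe")


def interpreter_path():
    """Canonical path of the interpreter running this script (for comparison)."""
    return os.path.realpath(sys.executable)


def identify(pid):
    """Compare the self-reported name with the kernel's view for one PID."""
    claimed = claimed_executable(pid)
    real = real_executable(pid)
    return {
        "pid": pid,
        "claimed": claimed,
        "real": real,
        "consistent": claimed == real,
    }


def demo():
    """Spawn the impostor, inspect it, and always clean it up."""
    proc = spawn_impostor()
    try:
        # Popen only returns once the child's exec() has succeeded, so
        # /proc/<pid>/ already describes the new image at this point.
        return identify(proc.pid)
    finally:
        proc.kill()
        proc.wait()


if __name__ == "__main__":
    info = demo()
    print(f"pid {info['pid']} claims to be {info['claimed']!r}")
    print(f"kernel says it is   {info['real']!r}")
    print("consistent" if info["consistent"] else "IMPOSTOR: cmdline does not match exe")
```

The cmdline lookup proves nothing, because argv is whatever the caller chose; the exe link is set by the kernel and names the file that was actually executed. Even that only identifies a path on disk, which is the weakness behind the "worthless" remark: a script started through /usr/bin/python3 shows up as the interpreter, the PID a daemon obtained for its peer over D-Bus can be recycled between the lookup and the check, and nothing in the path says whether that binary deserves to open ports.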

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 10.09.2013 23:38, Heiko Adams wrote: > On 10.09.2013 23:11, Reindl Harald wrote: > >>> AFAIR the samba client port is also blocked by default which makes it >>> impossible to share files with windows machines >> >> what is a samba *client* port? > It's port 137 and 138 UDP mhh - and why

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 11.09.2013 04:17, Ankur Sinha wrote: > On Wed, 2013-09-11 at 00:01 +0200, Alec Leamas wrote: >> Nobody questions this. The issue in this thread is if we could find >> ways to make it simpler to enable these services. > > Last I checked, the bugs already spoke about giving utilities the >

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 11.09.2013 12:02, Nicolas Mailhot wrote: > On Wed 11 September 2013 11:23, Alec Leamas wrote: >> On 2013-09-11 11:11, Heiko Adams wrote: >>> On 11.09.2013 10:41, Ankur Sinha wrote: - These software inform and take permission from the user before opening ports in the firewal

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 11.09.2013 00:01, Alec Leamas wrote: > On 2013-09-10 23:11, Reindl Harald wrote: >> >> On 10.09.2013 22:58, Heiko Adams wrote: >>> On 10.09.2013 22:07, Peter Oliver wrote: Empathy's "People Nearby" feature doesn't work out of the box because the required ports are blocked by de

Re: Firewall blocking desktop features

2013-09-11 Thread Simo Sorce
On Wed, 2013-09-11 at 23:18 +0200, Mateusz Marzantowicz wrote: > On 11.09.2013 17:24, Daniel J Walsh wrote: > > On 09/11/2013 09:18 AM, Reindl Harald wrote: > > > > > >> Am 11.09.2013 15:05, schrieb Daniel J Walsh: > >>> On 09/11/2013 08:56 AM, Alec Leamas wrote: > Although this would work f

Re: Firewall blocking desktop features

2013-09-11 Thread Mateusz Marzantowicz
On 11.09.2013 17:24, Daniel J Walsh wrote: > On 09/11/2013 09:18 AM, Reindl Harald wrote: > > >> On 11.09.2013 15:05, Daniel J Walsh wrote: >>> On 09/11/2013 08:56 AM, Alec Leamas wrote: Although this would work for both our wives I'd hate it myself. There needs to be some way in the

Re: Firewall blocking desktop features

2013-09-11 Thread Reindl Harald
On 11.09.2013 15:05, Daniel J Walsh wrote: > On 09/11/2013 08:56 AM, Alec Leamas wrote: >> Although this would work for both our wives I'd hate it myself. There needs >> to be some way in the interface to understand what's *really* going on >> here, the ports opened, triggers etc. But not unles

Re: Firewall blocking desktop features

2013-09-11 Thread Thomas Woerner
On 09/10/2013 10:07 PM, Peter Oliver wrote: Empathy's "People Nearby" feature doesn't work out of the box because the required ports are blocked by default by the firewall (https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar story with Gnome's "Media Sharing" feature, and I'm sur

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
On 09/11/2013 09:18 AM, Reindl Harald wrote: > > > On 11.09.2013 15:05, Daniel J Walsh wrote: >> On 09/11/2013 08:56 AM, Alec Leamas wrote: >>> Although this would work for both our wives I'd hate it myself. There >>> needs to be some way in the in

Re: Firewall blocking desktop features

2013-09-11 Thread Miroslav Suchý
On 09/11/2013 10:59 AM, Ankur Sinha wrote: - The software *must* inform the user and take permission before opening ports. Hmm, can you use this feature?: https://lists.fedoraproject.org/pipermail/devel/2013-July/186797.html I.e. you will write script, which will ask admin and open the port. A

Re: Firewall blocking desktop features

2013-09-11 Thread Bill Peck
On 09/11/2013 06:30 AM, Alec Leamas wrote: On 2013-09-11 12:02, Nicolas Mailhot wrote: On Wed 11 September 2013 11:23, Alec Leamas wrote: On 2013-09-11 11:11, Heiko Adams wrote: On 11.09.2013 10:41, Ankur Sinha wrote: - These software inform and take permission from the user before openi

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 15:41, Ralf Corsepius wrote: On 09/11/2013 03:32 PM, Alec Leamas wrote: On 2013-09-11 15:20, Ralf Corsepius wrote: On 09/11/2013 02:46 PM, Daniel J Walsh wrote: Asking her "Do you want to make security changes to share directory /home/phyllis

Re: Firewall blocking desktop features

2013-09-11 Thread Ralf Corsepius
On 09/11/2013 03:32 PM, Alec Leamas wrote: On 2013-09-11 15:20, Ralf Corsepius wrote: On 09/11/2013 02:46 PM, Daniel J Walsh wrote: Asking her "Do you want to make security changes to share directory /home/phyllis/Share?" Or Do you want to make security c

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 15:20, Ralf Corsepius wrote: On 09/11/2013 02:46 PM, Daniel J Walsh wrote: On 09/11/2013 06:35 AM, Heiko Adams wrote: On 11.09.2013 12:30, Alec Leamas wrote: That said, I see your point. Seems to boil down to that only the applic

Re: Firewall blocking desktop features

2013-09-11 Thread Ralf Corsepius
On 09/11/2013 02:46 PM, Daniel J Walsh wrote: On 09/11/2013 06:35 AM, Heiko Adams wrote: On 11.09.2013 12:30, Alec Leamas wrote: That said, I see your point. Seems to boil down to that only the application knows which port(s) to open and why,

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
On 09/11/2013 08:56 AM, Alec Leamas wrote: > On 2013-09-11 14:46, Daniel J Walsh wrote: >> >> On 09/11/2013 06:35 AM, Heiko Adams wrote: >>> On 11.09.2013 12:30, Alec Leamas wrote: That said, I s

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 14:46, Daniel J Walsh wrote: On 09/11/2013 06:35 AM, Heiko Adams wrote: On 11.09.2013 12:30, Alec Leamas wrote: That said, I see your point. Seems to boil down to that only the application knows which port(s) to open and why, wher

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
On 09/11/2013 06:35 AM, Heiko Adams wrote: > On 11.09.2013 12:30, Alec Leamas wrote: >> >> That said, I see your point. Seems to boil down to that only the >> application knows which port(s) to open and why, whereas only the >> firewall can guar

Re: Firewall blocking desktop features

2013-09-11 Thread Heiko Adams
On 11.09.2013 12:30, Alec Leamas wrote: > > That said, I see your point. Seems to boil down to that only the > application knows which port(s) to open and why, whereas only the > firewall can guarantee that it actually opens the ports requested by > user instead of something else. > So the a

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 12:02, Nicolas Mailhot wrote: On Wed 11 September 2013 11:23, Alec Leamas wrote: On 2013-09-11 11:11, Heiko Adams wrote: On 11.09.2013 10:41, Ankur Sinha wrote: - These software inform and take permission from the user before opening ports in the firewall. IMHO it should be

Re: Firewall blocking desktop features

2013-09-11 Thread Nicolas Mailhot
On Wed 11 September 2013 11:23, Alec Leamas wrote: > On 2013-09-11 11:11, Heiko Adams wrote: >> On 11.09.2013 10:41, Ankur Sinha wrote: >>> - These software inform and take permission from the user before >>> opening >>> ports in the firewall. >> IMHO it should be the job of the firewall to i

Re: Firewall blocking desktop features

2013-09-11 Thread Alec Leamas
On 2013-09-11 11:11, Heiko Adams wrote: On 11.09.2013 10:41, Ankur Sinha wrote: - These software inform and take permission from the user before opening ports in the firewall. IMHO it should be the job of the firewall to inform the user about an application that wants to open one or more por

Re: Firewall blocking desktop features

2013-09-11 Thread Heiko Adams
On 11.09.2013 10:41, Ankur Sinha wrote: > > - These software inform and take permission from the user before opening > ports in the firewall. IMHO it should be the job of the firewall to inform the user about an application that wants to open one or more ports and ask for permission to open t

Re: Firewall blocking desktop features

2013-09-11 Thread Ankur Sinha
On Wed, 2013-09-11 at 18:41 +1000, Ankur Sinha wrote: > - These software inform and take permission from the user before > opening > ports in the firewall. In light of the parallel discussion on "too many password prompts", as pointed out by Bochecha, I'd like to clarify: - The software *must* in

Re: Firewall blocking desktop features

2013-09-11 Thread Ankur Sinha
On Wed, 2013-09-11 at 10:04 +0200, Reindl Harald wrote: > and who controls for sure that bad software does not the same? The source of all this software is available to be looked at. So really, you can verify that only the required ports are opened up. > *nobody* and *nothing* has to punch holes

Re: Firewall blocking desktop features

2013-09-10 Thread Ankur Sinha
On Wed, 2013-09-11 at 00:01 +0200, Alec Leamas wrote: > Nobody questions this. The issue in this thread is if we could find > ways to make it simpler to enable these services. Last I checked, the bugs already spoke about giving utilities the ability to punch holes in the firewall and then close

Re: Firewall blocking desktop features

2013-09-10 Thread Alec Leamas
On 2013-09-10 23:11, Reindl Harald wrote: On 10.09.2013 22:58, Heiko Adams wrote: On 10.09.2013 22:07, Peter Oliver wrote: Empathy's "People Nearby" feature doesn't work out of the box because the required ports are blocked by default by the firewall (https://bugzilla.redhat.com/show_bug.c

Re: Firewall blocking desktop features

2013-09-10 Thread Heiko Adams
On 10.09.2013 22:07, Peter Oliver wrote: > Empathy's "People Nearby" feature doesn't work out of the box because > the required ports are blocked by default by the firewall > (https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar > story with Gnome's "Media Sharing" feature, and I'

Re: Firewall blocking desktop features

2013-09-10 Thread Reindl Harald
On 10.09.2013 22:58, Heiko Adams wrote: > On 10.09.2013 22:07, Peter Oliver wrote: >> Empathy's "People Nearby" feature doesn't work out of the box because >> the required ports are blocked by default by the firewall >> (https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar >>

Firewall blocking desktop features

2013-09-10 Thread Peter Oliver
Empathy's "People Nearby" feature doesn't work out of the box because the required ports are blocked by default by the firewall (https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar story with Gnome's "Media Sharing" feature, and I'm sure there are lots of other examples. Now,