On 04/15/2014 04:37 PM, Simo Sorce wrote:
On Tue, 2014-04-15 at 10:28 -0400, Christian Schaller wrote:
----- Original Message -----
From: "Reindl Harald" <h.rei...@thelounge.net>
To: devel@lists.fedoraproject.org
Sent: Tuesday, April 15, 2014 11:40:20 AM
Subject: Re: F21 System Wide Change: Workstation: Disable firewall
Am 15.04.2014 11:32, schrieb drago01:
On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.rei...@thelounge.net>
wrote:
allow any random application to open a unprivlieged
port which is reachable from outside is dangerous
We already allow that and have for a long while. Any application bothering to
support the firewalld dbus interface can open any port
they wish to.
There was a long thread about this on the desktop mailing list, and I was not
in the 'disable the firewall' camp in that discussion,
but nobody in that thread or here have articulated how the firewall exactly
enhance security in the situation where we at the
same time need to allow each user to have any port they desire opened for
traffic to make sure things like DLNA or Chromecast works.
The thread discussing this ended up with mostly being a discussion if the
firewall would be a useful way to help users from accidentally
oversharing on a public network. Which is important and something we want to
work on, but a lot less so than security issues.
There is plenty of prior art here.
What you need is clearly different "zones" that the user can configure
and associate to networks, with the default being that you trust nothing
and everything is firewalled when you roam a new network.
We have that already with zones in firewalld.
firewalld should grow a NetworkManager plugin so that configuration can
be changed on the fly based on which network NM tells firewalld a
specific interface is connected to.
We have that already: With NetworkManager and ifcfg files a
connection/interface can be bound to a zone, it is then not in the
default zone. NetworkManger sends out an request to firewalld to bind
the interfaces related to a connection to the defined or the default zone.
We also have an applet (firewall-applet) to assign and change zones in
an easy way, but because of system tray usability limitations in gnome 3
it is not as usable as it is in other desktop environments. This is an
system tray applet, because I can either write an gnome-shell applet,
that is only working in gnome 3. Or I can write an applet that is
working correctly in all other desktop environments and limited in gnome
3 - I will not write several.
The limitations in gnome 3 are:
- Applets are not easily visible in the desktop.
- An applet is not always visible, even if the state in the applet is to
be visible.
- Sending out notifications is prohibiting the use of left and right
mouse button menus: While the notification is visible, a left and right
mouse button click on the applet only shows the notification.
- After closing an notification sent out by the applet, the applet is
made invisible in the tray with a still visible state in the applet. Not
even a hide and show will make it visible anymore.
- Left and right mouse button menus are loose in the desktop and are not
visibly connected to the applet, it is not visible any more after
clicking on it.
Applications need to be prevented from being able to arbitrarily open
ports, that should be allowed only for a "trusted" zone. User
intervention should be needed to mark a zone as trusted, in all other
zones the user will have to select explicitly what applications are
allowed.
So the big work here is in the UI you need to build to present these
configurations to the user.
Until then you can present a very simplified UI that just has a big
button/switch that turns everything from "untrusted" to "trusted", with
the default being "untrusted" of course.
Simo.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
