On Wed, 11 Sep 2013, Thomas Woerner wrote:
On 09/10/2013 10:07 PM, Peter Oliver wrote:
Now, if you're running a server and you install, say, Apache, I think
you expect to have to go and poke at the firewall config, but these seem
to be very desktop-focused features, and the UI provides no
On Friday 13 September 2013 01:51:00 drago01 wrote:
On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled o...@actcom.co.il wrote:
- This means that any privileged service controlled by GUI client (e.g:
NetworkManager) is still only as secure as it's controller (e.g:
nm-applet).
This
On Fri, Sep 13, 2013 at 10:23 AM, Oron Peled o...@actcom.co.il wrote:
On Friday 13 September 2013 01:51:00 drago01 wrote:
On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled o...@actcom.co.il wrote:
- This means that any privileged service controlled by GUI client (e.g:
NetworkManager) is
On Fri, 2013-09-13 at 11:23 +0300, Oron Peled wrote:
On Friday 13 September 2013 01:51:00 drago01 wrote:
On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled o...@actcom.co.il wrote:
- This means that any privileged service controlled by GUI client (e.g:
NetworkManager) is still only as
Application should request the ports to be opened and the firewalld
layer should then confirm with the user stating which ports and
which app requested said ports. The app can't lie if the firewall
layer is the one asking for confirmation.
But a malicious app can pretend to be another one,
On Thursday 12 September 2013 08:25:21 Pierre-Yves Chibon wrote:
Application should request the ports to be opened and the firewalld
layer should then confirm with the user stating which ports and
which app requested said ports. The app can't lie if the firewall
layer is the one asking
On Thu, 2013-09-12 at 10:01 +0300, Oron Peled wrote:
* From pid you can find the real executable (/proc/pid/cmd).
And this is the step that's worthless:
https://bugzilla.gnome.org/show_bug.cgi?id=533493
--
devel mailing list
devel@lists.fedoraproject.org
Am 11.09.2013 23:18, schrieb Mateusz Marzantowicz:
On 11.09.2013 17:24, Daniel J Walsh wrote:
On 09/11/2013 09:18 AM, Reindl Harald wrote:
The problem with this solution is potential conflicts in port numbers and
pps that just use random ports (Which I think should just not be allowed
to
Am 12.09.2013 08:25, schrieb Pierre-Yves Chibon:
Application should request the ports to be opened and the firewalld
layer should then confirm with the user stating which ports and
which app requested said ports. The app can't lie if the firewall
layer is the one asking for confirmation.
On Thursday 12 September 2013 09:23:13 Colin Walters wrote:
On Thu, 2013-09-12 at 10:01 +0300, Oron Peled wrote:
* From pid you can find the real executable (/proc/pid/cmd).
And this is the step that's worthless:
https://bugzilla.gnome.org/show_bug.cgi?id=533493
Thanks, that was a very
On Fri, Sep 13, 2013 at 1:26 AM, Oron Peled o...@actcom.co.il wrote:
- This means that any privileged service controlled by GUI client (e.g:
NetworkManager) is still only as secure as it's controller (e.g:
nm-applet).
This is wrong. That's not how controlling the service works.
--
On Wed, 2013-09-11 at 10:04 +0200, Reindl Harald wrote:
and who controls for sure that bad software does not the same?
snip
The source of all this software is available to be looked at. So really,
you can verify that only the required ports are opened up.
*nobody* and *nothing* has to punch
On Wed, 2013-09-11 at 18:41 +1000, Ankur Sinha wrote:
- These software inform and take permission from the user before
opening
ports in the firewall.
In light of the parallel discussion on too many password prompts, as
pointed out by Bochecha, I'd like to clarify:
- The software *must* inform
Am 11.09.2013 10:41, schrieb Ankur Sinha:
- These software inform and take permission from the user before opening
ports in the firewall.
IMHO it should be the job of the firewall to inform the user about an
application that want's to open one or more ports and ask for permission
to open
On 2013-09-11 11:11, Heiko Adams wrote:
Am 11.09.2013 10:41, schrieb Ankur Sinha:
- These software inform and take permission from the user before opening
ports in the firewall.
IMHO it should be the job of the firewall to inform the user about an
application that want's to open one or more
Le Mer 11 septembre 2013 11:23, Alec Leamas a écrit :
On 2013-09-11 11:11, Heiko Adams wrote:
Am 11.09.2013 10:41, schrieb Ankur Sinha:
- These software inform and take permission from the user before
opening
ports in the firewall.
IMHO it should be the job of the firewall to inform the
On 2013-09-11 12:02, Nicolas Mailhot wrote:
Le Mer 11 septembre 2013 11:23, Alec Leamas a écrit :
On 2013-09-11 11:11, Heiko Adams wrote:
Am 11.09.2013 10:41, schrieb Ankur Sinha:
- These software inform and take permission from the user before
opening
ports in the firewall.
IMHO it should
Am 11.09.2013 12:30, schrieb Alec Leamas:
That said, I see your point. Seems to boil down to that only the
application knows which port(s) to open and why, whereas only the
firewall can guarantee that it actually opens the ports requested by
user instead of something else.
So the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2013 06:35 AM, Heiko Adams wrote:
Am 11.09.2013 12:30, schrieb Alec Leamas:
That said, I see your point. Seems to boil down to that only the
application knows which port(s) to open and why, whereas only the
firewall can guarantee
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2013 08:56 AM, Alec Leamas wrote:
On 2013-09-11 14:46, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 09/11/2013 06:35 AM, Heiko Adams wrote:
Am 11.09.2013 12:30, schrieb Alec Leamas:
That said, I see your
On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2013 06:35 AM, Heiko Adams wrote:
Am 11.09.2013 12:30, schrieb Alec Leamas:
That said, I see your point. Seems to boil down to that only the
application knows which port(s) to open and why,
On 2013-09-11 15:20, Ralf Corsepius wrote:
On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2013 06:35 AM, Heiko Adams wrote:
Am 11.09.2013 12:30, schrieb Alec Leamas:
That said, I see your point. Seems to boil down to that only the
On 09/11/2013 03:32 PM, Alec Leamas wrote:
On 2013-09-11 15:20, Ralf Corsepius wrote:
On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE-
Asking her Do you want to make security changes to share directory
/home/phyllis/Share? Or
Do you want to make security
On 2013-09-11 15:41, Ralf Corsepius wrote:
On 09/11/2013 03:32 PM, Alec Leamas wrote:
On 2013-09-11 15:20, Ralf Corsepius wrote:
On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE-
Asking her Do you want to make security changes to share directory
On 09/11/2013 06:30 AM, Alec Leamas wrote:
On 2013-09-11 12:02, Nicolas Mailhot wrote:
Le Mer 11 septembre 2013 11:23, Alec Leamas a écrit :
On 2013-09-11 11:11, Heiko Adams wrote:
Am 11.09.2013 10:41, schrieb Ankur Sinha:
- These software inform and take permission from the user before
On 09/11/2013 10:59 AM, Ankur Sinha wrote:
- The software*must* inform the user and take permission before opening
ports.
Hmm, can you use this feature?:
https://lists.fedoraproject.org/pipermail/devel/2013-July/186797.html
I.e. you will write script, which will ask admin and open the port.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/11/2013 09:18 AM, Reindl Harald wrote:
Am 11.09.2013 15:05, schrieb Daniel J Walsh:
On 09/11/2013 08:56 AM, Alec Leamas wrote:
Although this would work for both our wifes I'd hate it myself. There
need to be some way in the interface to
On 09/10/2013 10:07 PM, Peter Oliver wrote:
Empathy's People Nearby feature doesn't work out of the box because
the required ports are blocked by default by the firewall
(https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar
story with Gnome's Media Sharing feature, and I'm sure
Am 11.09.2013 15:05, schrieb Daniel J Walsh:
On 09/11/2013 08:56 AM, Alec Leamas wrote:
Although this would work for both our wifes I'd hate it myself. There need
to be some way in the interface to understand what's *really* going on
here, the ports opened, triggers etc. But not unless
On 11.09.2013 17:24, Daniel J Walsh wrote:
On 09/11/2013 09:18 AM, Reindl Harald wrote:
Am 11.09.2013 15:05, schrieb Daniel J Walsh:
On 09/11/2013 08:56 AM, Alec Leamas wrote:
Although this would work for both our wifes I'd hate it myself. There
need to be some way in the interface to
On Wed, 2013-09-11 at 23:18 +0200, Mateusz Marzantowicz wrote:
On 11.09.2013 17:24, Daniel J Walsh wrote:
On 09/11/2013 09:18 AM, Reindl Harald wrote:
Am 11.09.2013 15:05, schrieb Daniel J Walsh:
On 09/11/2013 08:56 AM, Alec Leamas wrote:
Although this would work for both our wifes
Am 11.09.2013 00:01, schrieb Alec Leamas:
On 2013-09-10 23:11, Reindl Harald wrote:
Am 10.09.2013 22:58, schrieb Heiko Adams:
Am 10.09.2013 22:07, schrieb Peter Oliver:
Empathy's People Nearby feature doesn't work out of the box because
the required ports are blocked by default by the
Am 11.09.2013 12:02, schrieb Nicolas Mailhot:
Le Mer 11 septembre 2013 11:23, Alec Leamas a écrit :
On 2013-09-11 11:11, Heiko Adams wrote:
Am 11.09.2013 10:41, schrieb Ankur Sinha:
- These software inform and take permission from the user before
opening
ports in the firewall.
IMHO it
Am 10.09.2013 23:38, schrieb Heiko Adams:
Am 10.09.2013 23:11, schrieb Reindl Harald:
AFAIR the samba client port is also blocked by default which makes it
impossible to share files with windows machines
what is a samba *client* port?
It's port 137 and 138 UDP
mhh - and why should i
Am 11.09.2013 04:17, schrieb Ankur Sinha:
On Wed, 2013-09-11 at 00:01 +0200, Alec Leamas wrote:
Nobody questions this. Thie issue in this thread is if we could find
ways to make it simpler to enable these services.
Last I checked, the bugs already spoke about giving utilities the
ability
Empathy's People Nearby feature doesn't work out of the box because the required ports
are blocked by default by the firewall (https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's
a similar story with Gnome's Media Sharing feature, and I'm sure there are lots of
other examples.
Now, if
Am 10.09.2013 22:58, schrieb Heiko Adams:
Am 10.09.2013 22:07, schrieb Peter Oliver:
Empathy's People Nearby feature doesn't work out of the box because
the required ports are blocked by default by the firewall
(https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar
story with
Am 10.09.2013 22:07, schrieb Peter Oliver:
Empathy's People Nearby feature doesn't work out of the box because
the required ports are blocked by default by the firewall
(https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar
story with Gnome's Media Sharing feature, and I'm sure
On 2013-09-10 23:11, Reindl Harald wrote:
Am 10.09.2013 22:58, schrieb Heiko Adams:
Am 10.09.2013 22:07, schrieb Peter Oliver:
Empathy's People Nearby feature doesn't work out of the box because
the required ports are blocked by default by the firewall
On Wed, 2013-09-11 at 00:01 +0200, Alec Leamas wrote:
Nobody questions this. Thie issue in this thread is if we could find
ways to make it simpler to enable these services.
Last I checked, the bugs already spoke about giving utilities the
ability to punch holes in the firewall and then close
40 matches
Mail list logo
