On 09/11/2013 02:46 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/11/2013 06:35 AM, Heiko Adams wrote:
Am 11.09.2013 12:30, schrieb Alec Leamas:
That said, I see your point. Seems to boil down to that only the
application knows which port(s) to open and why, whereas only the
firewall can guarantee that it actually opens the ports requested by
user instead of something else.
So the application needs to ask the firewall to open one or more ports and
the firewall has to ask the user for permission to do so. In this szenario
the firewall knows what application wants which port(s) to be open. Letting
the application directly ask for permission to punch holes in the firewall
is IMHO the worst case of all and a securiry nightmare.
Asking my wife if she intends to open port 2345 is a waste of time. She has
no idea whether or not this is required. And will quickly learn to answer ok.
Asking her "Do you want to make security changes to share directory
/home/phyllis/Share?" Or
Do you want to make security changes to share Printer XYZ?
Would make sense.
My marriage would be facing serious troubles, if my wife opens any port
on our shared machines ;)
Seriously, I think you guys are forgetting Linux isn't a
Single-User-Single-Seat OSes.
Ralf
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
