On Mon, 2010-12-06 at 18:07 -0800, Jesse Keating wrote:
> On 12/06/2010 06:04 PM, Adam Williamson wrote:
>> On Mon, 2010-12-06 at 19:05 +0000, Daniel P. Berrange wrote:
>>
>>> The other benefit would be if the user only intended the
>>> service to be accessible to localhost, or a UNIX domain
>>> socket but for some reason screwed up their service's
>>> config & opened it to the world.
>>
>> I use it as a safety net for much this reason. I am not comfortable with
>> 100% guaranteeing that 'helpful' services we install by default like
>> Avahi are not doing things I really wouldn't want them to do when I
>> connect to some open wifi network.
>
> I think this is where the zones work that was talked about will come in
> handy. If you connect to a new unknown network, default to firewalled
> until the user "trusts" the zone. But if you trust the zone, trust it,
> don't get in the way.

yep, indeed. though, of course, implementation can be a pain. Windows
implements something like this, and half the vulnerability announcements
I see seem to be for things that manage to violate this model by
appearing to be from the trusted zone when they're not. (IE used to have
a similar system, which they never managed to get right, so I think
they've either removed it or they just default to every zone being
equally untrusted now).
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net