Hi,
----- Original Message -----
From: Thomas Woerner <twoerner(a)redhat.com>
Subject: Re: About F19 Firewall
Applications or daemons can only request changes to the firewall if they
are authenticated.
Sure. But user authentication is function of the task an application performs and not of
the firewall rules it adds or removes. In most cases, user won't even know what
firewall rules an application is going to add/edit/remove. Meaning if an authenticated
application leaves user's machine vulnerable, that is always going to be a side-effect
and not an intended one.
Ex. Say I start virt-manager, it prompts me for authentication, I enter password and click
[Ok]. It starts libvirtd in the background, creates interfaces, adds firewall rules etc.
etc. As a user looking at the GUI, I'm completely oblivious to what it is doing(or
did) in the background.
This side-effect design is what I think isn't a good idea.
---
Regards
-Prasad
http://feedmug.com