Re: make gnome listen on localhost:*



On Tue, 13 Jun 2000, Tomas Ogren wrote:
> On 12 June, 2000 - John Kennedy sent me these 2.2K bytes:
> 
> >   I happened to nmap myself and noticed that GNOME has a huge number
> > of open (listening) TCP/IP ports open on my box.  Is there any way to get
> > it to connect to localhost only instead of listening to all the ports
> > (and my ethernet port in particular)?  Better yet, no TCP/IP at all
> > using unix-domain sockets and such?
> 
> It's already listening to unix domain sockets.. and btw, the N in GNOME
> is Network.. But anyway:
> echo 'ORBIIOPIPv4=0' > $prefix/etc/orbitrc
> echo 'ORBIIOPIPv6=0' >> $prefix/etc/orbitrc

Can I repeat my request for this to become the default behaviour?  This
topic has come up several times before, and each time the consensus has
been that this is asking for trouble security-wise.  It is highly
improbable that none of the programs listening on these ports have some
form of security hole.  As Gnome becomes more popular on desktops
with permanent network connections, you can be sure that this will become
a popular break-in route.

I suspect that very few people will be using these network capabilities,
and those that do have sufficient clue to set this up securely will have
sufficient clue to make the necessary changes.

Paul





