Re: make gnome listen on localhost:*

From: Derek Simkowiak <dereks kd-dev com>
To: Jim Gettys <jg pa dec com>
Cc: Wandered Inn <esoteric denali atlnet com>, gnome-list gnome org
Subject: Re: make gnome listen on localhost:*
Date: Wed, 14 Jun 2000 17:17:51 -0700 (PDT)

-> Fundamentally, you have to get things secure in the first place....

	Hehehehe... phew.  Yeah, we know *exactly* how to do THAT.  

	After all, we've had such great success with bind, sendmail,
Apache, ssh, dhcpd, ftpd... Oops, that's right, no we haven't.  

	Watch BUGTRAQ for a few months and your idea of "getting things
secure in the first place" will change.


-> Putting your head in the sand and disabling network access will just
-> delay your trouble.

	It's about minimization.  You need to minimize the risks, as
eliminating them completely is (practically) impossible.


-> So while people may think that people don't run remote applications due
-> to the habits ingrained due to PC's, you will be doing so very frequently
-> very, very soon.

	Not *that* soon.  Gnome apps will reside locally for the next
couple of years, at least.  DSL will need to be the standard (rather than
the exception) before running an app via CORBA objects will be as
practical as running an app via the localhost.

	CORBA acrossed a 33.6K AOL dialup (the most common desktop user)
is just impractical.


-> So I believe the solution is do solve the problem right this time, not
-> ducking the problem...

	Ah yes... let's just pretend that there are no holes in ORBit and
that exploits won't be found-- therefor, we can keep ourselves open to the
world at large.  (That's ducking the problem if I ever heard it :)


->  Somehow I don't think I want to explain to a naive end user that he
-> has to much with his second machine in some magic way to get "the
-> right thing" to happen...

	Compare:

	System -> Control Panel -> Export CORBA Services 
	(for <1% of the users, and only once)

	...to...

	1) D/L updated ORBit RPM
	2) Open a terminal window (oh yeah, and know shell commands)
	3) Become root
	4) cd to D/L location
	5) rpm -Uvh filename.rpm
	6) Pray to god you haven't been rootkitted already
	(for 100% of the users, EVERY TIME an exploit is found)


	Which makes more sense?

Follow-Ups:
- Re: make gnome listen on localhost:*
  - From: Elliot Lee

References:
- Re: make gnome listen on localhost:*
  - From: Jim Gettys

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]