Re: make gnome listen on localhost:*



-> You can sing all the songs about firewalls, but you know what?  No one is 
-> listening, most new users don't know the difference between X and GNOME, 
-> yet you expect them to understand how to set up and maintain a secure 
-> firewall?  

	If I understand Elliot correctly, he does not mean "A Firewall" in
the traditional sense of a single box protecting a network, but "firewall"
as in kernel-level packet rejection (instead of application-level
'rejection').

	Elliot wants a general-purpose solution to the problem of open
sockets on Linux/Unix boxes, and I think he has ipchains (on every single
desktop workstation) in mind.

	Unfortunately, that is the task of the Operating System, not the
desktop GUI.  The Gnome core libraries can't control that kind of
security, since it runs on different OS's (and because the issue of open
sockets being security holes is there even if Gnome is not running--or
even installed).  

	In this case, since Gnome is creating a hole, it should do
everything in its power to be as safe as possible (read: Unix sockets).
If the OS vendors decide to ship secure Linux boxes (wouldn't THAT be a
miracle) then the "firewall"-level security Elliot keeps referring to can
be *in addition to* the use of Unix sockets.


--Derek
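
The three listener choices in this thread, side by side, as an added example that is not part of the original message or of GNOME's code: a wildcard TCP bind, a loopback-only TCP bind, and a Unix socket restricted by file mode and a peer-UID check. It assumes Linux (SO_PEERCRED), and all function names are hypothetical.

```python
import os, shutil, socket, struct, tempfile

def tcp_listener(host):
    """TCP listener on a kernel-chosen port; host "" is the wildcard address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    s.listen(1)
    return s

def bound_beyond_loopback(sock):
    """True if the listener takes connections arriving on non-loopback interfaces."""
    return not sock.getsockname()[0].startswith("127.")

def unix_listener():
    """Unix-domain listener: private 0700 directory, socket file mode 0600."""
    path = os.path.join(tempfile.mkdtemp(prefix="ipc-demo-"), "sock")  # mkdtemp: 0700
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # socket file is created as 0777 & ~umask
    try:
        s.bind(path)
    finally:
        os.umask(old_umask)
    s.listen(1)
    return s, path

def accept_same_user(listener):
    """Accept one connection; drop it unless the peer runs under our UID."""
    conn, _ = listener.accept()
    # struct ucred on Linux is (pid, uid, gid)
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", creds)
    if uid != os.getuid():
        conn.close()
        return None
    return conn

def demo():
    wild, loop = tcp_listener(""), tcp_listener("127.0.0.1")
    ux, path = unix_listener()
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)  # constructed local client, same user as the listener
    conn = accept_same_user(ux)
    result = {"wildcard_exposed": bound_beyond_loopback(wild),
              "loopback_exposed": bound_beyond_loopback(loop),
              "socket_mode": oct(os.stat(path).st_mode & 0o777),
              "same_user_accepted": conn is not None}
    for s in filter(None, (wild, loop, ux, client, conn)):
        s.close()
    shutil.rmtree(os.path.dirname(path))
    return result
```

A loopback TCP listener is still reachable by every local user on a multi-user box; the Unix socket is the only one of the three where the kernel enforces per-user access without any packet filter.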
