Re: make gnome listen on localhost:*



[...]
>There IS a problem with a "listen on a port but deny" default. Namely, the
>"deny" code has to parse the request then deny it. There of course may be
>a flaw in the parsing.

I know that. If the code that accepts connections (to report if allowed or
not) has a bug... ooops!

>Sounds unlikely? Please see my recent Bugtraq post detailing a nasty X
>server denial of service attack. There was a flaw in the code which
>decides whether or not a request is authorized. The X server default on
>most distributions is to listen on port 6000. This is not a sane default
>for modem users.

That is the problem: the entry point must be as strong as steel (or more), or
just do not allow even checks.

>The solution is to just not inet listen at all. Unless the user indicates
>that they need this functionality. Wrap it up in a pretty GUI and
>user-oriented terms if required.

I get what you say, and even if the CORBA specs say that you must listen, I
would set machines to listen only when the user wants. I know of people who had
bad settings in their MS Windows network disks... and lost data due to it. The
world is moving to full networking, via modem or OC3, and the only way to
survive is to have secure defaults (RH is moving to this, no server apps if
you choose the workstation install, for example) that can be changed (nothing
disallows installing a server with RPM or other ways).

GSR
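An added illustration of the point argued in this thread (my own example, not code from the thread or from any GNOME/X component): in a "listen but deny" design, attacker-controlled bytes reach the request parser before the peer is rejected, while binding to loopback unless the user opts in keeps remote peers away from that code entirely. The length-prefixed request format, the cookie value and the peer addresses are constructed for the example.

```python
import socket
import struct

LOOPBACK = "127.0.0.1"
ALL_INTERFACES = "0.0.0.0"
EXPECTED_COOKIE = b"secret"  # constructed, not a real protocol value

# Constructed sample requests: 4-byte big-endian length, then a cookie payload.
GOOD_REQUEST = struct.pack(">I", 6) + b"secret"
MALFORMED_REQUEST = struct.pack(">I", 0xFFFFFFFF) + b"x"  # length field lies


def parse_request(data: bytes) -> bytes:
    """The parser that must be flawless if untrusted peers can reach it.
    Here a bad length simply raises; a real bug could be far worse."""
    if len(data) < 4:
        raise ValueError("short header")
    (length,) = struct.unpack(">I", data[:4])
    if length != len(data) - 4:
        raise ValueError("length field does not match payload")
    return data[4:]


def parse_then_deny(peer: str, data: bytes) -> str:
    """'Listen on a port but deny': the request is parsed before the
    peer is judged, so any parser flaw is reachable from any host."""
    cookie = parse_request(data)
    if peer != LOOPBACK or cookie != EXPECTED_COOKIE:
        return "denied"
    return "accepted"


def deny_then_parse(peer: str, data: bytes) -> str:
    """Judge the peer first. Remote bytes never reach the parser, but the
    check itself is still code on the accept path (the X server case)."""
    if peer != LOOPBACK:
        return "denied"
    return "accepted" if parse_request(data) == EXPECTED_COOKIE else "denied"


def bind_address(user_enabled_network: bool) -> str:
    """Secure default: loopback only unless the user explicitly opts in."""
    return ALL_INTERFACES if user_enabled_network else LOOPBACK


def open_listener(user_enabled_network: bool, port: int = 0) -> socket.socket:
    """Bind according to the user's choice; the kernel refuses remote
    connections to a loopback-bound socket before any of our code runs."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((bind_address(user_enabled_network), port))
    s.listen()
    return s


def parser_reached_with_bad_input(handler, peer: str, data: bytes) -> bool:
    """True if the handler let the peer's bytes into the parser and it failed."""
    try:
        handler(peer, data)
    except ValueError:
        return True
    return False
```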