Re: Why all the open ports?



On Sun, Jul 09, 2000 at 11:01:49AM -0700, Derek Simkowiak wrote:
> See http://mail.gnome.org/pipermail/gnome-list/2000-June/thread.html, and
> look for messages titled, "make gnome listen on localhost:*".  Not all of
> the relevant messages are in the same thread.

Ah. Thank you for the pointer.

> -> Open ports make me nervous. :-( 
> 	As it should!  Orbit has an option to use Unix pipes instead of
> TCP/IP ports, which reduces the risk a great deal.  But for some reason,
> Elliot has an objection to having the default be Unix pipes...

There seem to be two separate issues:

 1) Should ORBit listen on TCP/IP ports by default? (Yes, I assume.)
 2) Should Gnome open up half a dozen random ports on a desktop machine,
    just in case a user decides to run Gnome applets over the network?

Elliot argues in favor of (2), but I haven't been able to understand his
rationale. Maybe I'm just cynical about audits, and about the potential of
future firewall technology to handle this sort of situation properly.

I'm a little bit concerned by the code in "src/IIOP/connection.c"--there's
quite a bit of code to audit before concluding the TCP/IP listeners are
secure.

Should this whole issue go into a FAQ somewhere? I can't explain the
rationale for all these open ports (because I don't understand it), but I'd
be happy to provide instructions on how to close them.

Cheers,
Eric



