Re: Why all the open ports?



On Tue, Jul 11, 2000 at 07:58:23PM -0400, Miguel de Icaza wrote:
> > 	  See
> > http://mail.gnome.org/pipermail/gnome-list/2000-June/thread.html, and look
> > for messages titled, "make gnome listen on localhost:*".  Not all of the
> > relevant messages are in the same thread. 
> Can you summarize this to me?

The complaint:

  * Every Gnome application using ORBit listens on a globally-visible
    TCP/IP port. Type 'netstat -tlp' as root and take a look.
  * Open ports make paranoid sysadmins nervous (not without good reason).
  * The ORBit libraries have (presumably) been audited, but the actual
    server code is moderately complex. It's certainly not something a
    random C programmer could audit in an hour or two.
  * ORBit could listen on Unix sockets instead, but currently doesn't.

Why ORBit (and Gnome) listen on TCP/IP sockets:

  * The CORBA standard requires support for IIOP over TCP/IP.
  * Gnome inherits this behavior, and does nothing to override it for Gnome
    applications.
  * CORBA over TCP/IP allows users to run applets on different machines and
    link everything together with CORBA.

The tradeoff:

  * If Gnome applets don't listen on TCP/IP ports, you can't have applets
    running on different machines.
  * If Gnome applets *do* listen on TCP/IP ports, the average desktop user
    has one more incomprehensible security concern to understand.

Current practices:

  * RedHat leaves all these ports open.
  * Debian turns off ORBit's TCP/IP support for all applications, not just
    Gnome. This doesn't seem to have confused too many Gnome users yet.
    To get Debian's behavior, stick the following in /etc/orbitrc:
      ORBIIOPUSock=1
      ORBIIOPIPv4=0
      ORBIIOPIPv6=0
    This is fairly rude; it breaks some non-Gnome users of ORBit.

My two cents:

  * Gnome shouldn't listen on TCP/IP sockets. If users want to run
    components on multiple machines, they should be using SSH and port
    forwarding anyway--anything less exposes all CORBA traffic to network
    sniffers, which is the Wrong Thing<tm>. (For the record, I feel the
    same way about X's listener on port 6000.)
  * Gnome shouldn't globally disable ORBit's TCP/IP support.

If I've summarized incorrectly, or misrepresented anyone's views, please
correct me.

Cheers,
Eric
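The check Eric points at with 'netstat -tlp', written out as an added example that is not part of the original message: a POSIX shell script that reads the kernel's own socket table (/proc/net/tcp) and flags LISTEN sockets bound to 0.0.0.0, the globally visible ones the thread is about, as opposed to loopback-only ones. The sample table below is constructed, and the little-endian address layout (x86) is an assumption.

```shell
#!/bin/sh
# Constructed sample of /proc/net/tcp (the kernel's IPv4 socket table), so the
# script can run offline; the real file has the same layout. Column "st" is the
# socket state (0A = LISTEN); addresses are hex IPv4 + hex port.
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2328 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0'

# Decode one address field, e.g. "0100007F:1F90" -> "127.0.0.1:8080".
# Assumes a little-endian host (x86), where the kernel prints the IPv4
# address with its octets reversed.
hex_ipv4_port() {
    hex_ip=${1%%:*}
    hex_port=${1##*:}
    o1=$(printf '%s' "$hex_ip" | cut -c7-8)
    o2=$(printf '%s' "$hex_ip" | cut -c5-6)
    o3=$(printf '%s' "$hex_ip" | cut -c3-4)
    o4=$(printf '%s' "$hex_ip" | cut -c1-2)
    printf '%d.%d.%d.%d:%d\n' $((0x$o1)) $((0x$o2)) $((0x$o3)) $((0x$o4)) $((0x$hex_port))
}

# The distinction the thread is about: a listener bound to 0.0.0.0 is reachable
# from the network ("global"); one bound to 127.x is localhost-only.
scope_of() {
    case $1 in
        0.0.0.0:*) echo global ;;
        127.*)     echo loopback ;;
        *)         echo iface ;;
    esac
}

# Read /proc/net/tcp-format lines on stdin; print one line per LISTEN socket:
# "<scope> <ip:port> uid=<owner>". The uid shows whose session opened it.
listening_sockets() {
    while read -r sl laddr raddr st rest; do
        [ "$st" = "0A" ] || continue
        addr=$(hex_ipv4_port "$laddr")
        set -- $rest          # tx:rx tr:when retrnsmt uid ... -> uid is $4
        uid=$4
        printf '%s %s uid=%s\n' "$(scope_of "$addr")" "$addr" "$uid"
    done
}

# Audit the live table when it is readable, otherwise the constructed sample.
if [ -r /proc/net/tcp ]; then
    listening_sockets < /proc/net/tcp
else
    printf '%s\n' "$SAMPLE_TCP" | listening_sockets
fi
```

Anything reported as "global" that is an ORBit-linked desktop process is exactly the case the /etc/orbitrc settings above are meant to close.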
