Re: Gnome and WM



Desync writes:
 > The applets (or is it the panel?) are also binding sockets to listen on. 
 > 
 > Is this something that will be changed, or is it just something to do
 > with my configuration of GNOME at compile?

This sounds like the ports MICO uses when it offers an object
implementation to the world.  Panel's one of a number of applications
which will do this...

 > I hope it will change. I found that I was able to crash the panel
 > entirely (remotely) by connecting to those ports and flooding it.
 > 
 > Using firewalls would not help, since it seems to use the normal
 > convention of binding the next availble port (in sequential order) so
 > guessing the ports to firewall would be impossible.

Um.  Traditionally, you block all ports >1024 and use passive FTP if
you want to stop this sort of attack.  This is a reasonably sensible
precaution in any case, Gnome or no Gnome.

Having said that, there's security issues with any CORBA interface
exported by your desktop at the moment, since any user on the local
machine can use it.  I imagine this is an issue we can deal with
later, using the X authority security system (since anything
interested in your desktop's advertised services is also going to have
to have the key to allow it to access your X server).

Ian.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]