Re: Gnome security
- From: Rusty Conover <rconover montana edu>
- To: everett lsli com
- Cc: gnome-list gnome org
- Subject: Re: Gnome security
- Date: Tue, 8 Feb 2000 16:50:19 -0700
On Tue, 08 Feb 2000 16:48:43 you wrote:
> > From gnome-list-request@redhat.com Tue Feb 8 17:28:10 2000
> >
> > On Tue, 8 Feb 2000 everett@lsli.com wrote:
> >
> > > Anyone have any thoughts about securing Gnome? I want to restrict
> > > access to Gnome to the console. I know how to do this with the Xserver,
> > > but the Gnome apps, such as the windows manager etc, listening to ports 1024
> > > and up make me nervous. I searched the FAQs and didn't find anything.
> >
> > I also feel nervous about the listening on >1024 ports by default. I'm
> > glad I'm not the only one. Actually, I think it's insanity, considering
> > there _have_ been holes in the generic ORBit code.
> >
> > I think you can limit listening sockets to UNIX domain sockets by placing
> > a setting in a ".orbit" file or something. I'm sure someone will jump in
> > and point out the correct syntax ;-)
> >
> > Cheers
> > Chris
> >
>
> Especially when CDE is notorious for being insecure. Of course, it
> depends on rpc's and portmapper. There should be some way of
> globally controlling ORBs so that they only listen to the loopback
> adapter.
>
Have you guys ever heard of ipchains/ip firewalling? It's quite easy to
set up and configure if you only want it to listen to loopback
connections on those ports. This might be like taking a jackhammer to a
penny nail but it will get the job done.
The Firewalling HOWTO is here:
http://www.ldp.mpoli.fi/HOWTO/IPCHAINS-HOWTO.html (along with other
mirrors of the HOWTOs)
Cheers,
Rusty
--
Rusty Conover | rusty@zootweb.com
Systems Programmer | 406-586-5050 x242
Zoot Enterprises | http://www.zootweb.com
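
An added example, not part of the original message: a check for the condition the thread worries about, TCP listeners on ports 1024 and up bound to a non-loopback address, which shows which sockets a loopback-only firewall rule would need to cover. It assumes the Linux /proc/net/tcp format on a little-endian host; the function names and the sample rows are constructed for illustration.

```python
import socket
import struct

# Constructed sample in Linux /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0409 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 1002
   2: 0100007F:040A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 1003
   3: 0A00000A:0C38 0B00000A:0050 01 00000000:00000000 00:00000000 00000000   500        0 1004
"""

LISTEN = "0A"  # TCP_LISTEN state code as printed by the kernel


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT' into (dotted_ip, port).

    Assumption: the kernel printed the address as a host-order 32-bit word
    on a little-endian machine (x86), so the bytes are reversed.
    """
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def exposed_listeners(text, min_port=1024):
    """Return (ip, port, uid) for listeners on ports >= min_port that are
    reachable from outside the loopback interface."""
    findings = []
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != LISTEN:
            continue  # malformed row, or not a listening socket
        ip, port = decode_addr(cols[1])
        if port >= min_port and not ip.startswith("127."):
            findings.append((ip, port, int(cols[7])))  # cols[7] is the owning uid
    return findings


if __name__ == "__main__":
    for ip, port, uid in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"uid {uid} listens on {ip}:{port} (not loopback-only)")
```

On a live system, pass the contents of /proc/net/tcp instead of the sample string.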