Re: Gnome security

From: Derek Simkowiak <dereks kd-dev com>
To: everett lsli com
cc: gnome-list gnome org, recipient list not shown: ;
Subject: Re: Gnome security
Date: Tue, 8 Feb 2000 16:11:54 -0800 (PST)

> 	Especially when CDE is notorious for being insecure.  Of course, it
> 	depends on rpc's and portmapper.  There should be some way of 
> 	globally controling ORBs so that they only listen to the loopback 
> 	adapter.

	I don't think this is safe, either--if someone were to hack any
other user account they could still talk to the loopback device.
Considering that some Unixes, in the past, have shipped with user-level
accounts that had no password (I'm think IRIX's lpd account here :) this
could be a dangerous default.

	I think that Unix domain sockets (pipes) should be the default,
since this is, after all, supposed to be for a desktop environment.  Then,
if someone needs to access CORBA objects on other machines (which I
believe will be a very minute percentage of GNOME users) they should have
to click a setting in the Gnome Control Panel, with a serious warning
message, that has a label like "Export desktop to the Internet" or some
such thing.


--Derek Simkowiak

References:
- Re: Gnome security
  - From: everett

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]