Re: make gnome listen on localhost:*



On Wed, 14 Jun 2000, Paul Warren wrote:

> > It's already listening to unix domain sockets.. and btw, the N in GNOME
> > is Network.. But anyway:
> > echo 'ORBIIOPIPv4=0' > $prefix/etc/orbitrc
> > echo 'ORBIIOPIPv6=0' >> $prefix/etc/orbitrc
> 
> Can I repeat my request for this to become the default behaviour?

You can repeat it, sure! :)

> It is highly improbable that none of the programs listening on these
> ports have some form of security hole.

(The programs have nothing to do with it - they do not see any of the
network traffic directly.)

> As Gnome becomes more popular on desktops with permanent network
> connections, you can be sure that this will become a popular break-in
> route.

So unplug it from the network - there are plenty of other more interesting
network services to choose from if you want to break in. Or install a
firewall, or set up TCP Wrappers properly.

> I suspect that very few people will be using these network capabilities

I thought you just said Gnome was going to be popular on computers with
permanent network connections? Do people just plug their computers in for
the blinking lights?

A fair amount of people use ORBit outside of Gnome, and when you add those
networked uses to the people who do use it with Gnome, you still want to
tell me that we should disable it, so that you can feel good about not
properly securing your system...

Nobody here has demonstrated a clue about why those sockets are listening,
what the security implications are, and what steps have been taken to make
sure there are no security problems (CE excepted, just in case).

-- Elliot




