Re: make gnome listen on localhost:*

From: Derek Simkowiak <dereks kd-dev com>
To: Wandered Inn <esoteric denali atlnet com>
Cc: gnome-list gnome org
Subject: Re: make gnome listen on localhost:*
Date: Wed, 14 Jun 2000 16:10:24 -0700 (PDT)

-> I don't care what hardware/OS you're running, with the onset of 'always
-> on' technologies (*DSL), you're going to have to run some kind of
-> firewall, whether you're a geek or not.

	To be perfectly clear: I do not contest that firewalls are an
absolute necessity.

	I do not believe that using Unix sockets (or turning off network 
services) is a replacement for real security.

	However, regardless of how we think a network should be set up, we
should do our best to make Gnome as secure as possible.  Using Unix
sockets greatly reduces the possibly of a remote exploit; therefor, it
should be the default.

	To say, "We don't need to make Gnome secure because security
should be left up to the firewall" is absurd.


--Derek

P.S.> Not that it matters to the discussion, but when an ORBit exploit is
found, I would not want attacks limited to people inside my firewall.  In
many University computer labs/libraries/gov't agencies, there are
terminals available to walk up customers.  We should not assume that every
Linux box running ORBit will have good ipchains configurations. 

P.P.S.> Firewalls are cracked (or more likely, misconfigured) all the
time.

Follow-Ups:
- Re: make gnome listen on localhost:*
  - From: Jim Gettys
- Re: make gnome listen on localhost:*
  - From: Wandered Inn

References:
- Re: make gnome listen on localhost:*
  - From: Wandered Inn

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]