Re: make gnome listen on localhost:*

From: Chris Evans <chris ferret lmh ox ac uk>
To: Jim Gettys <jg pa dec com>
Cc: Derek Simkowiak <dereks kd-dev com>,Wandered Inn <esoteric denali atlnet com>, gnome-list gnome org
Subject: Re: make gnome listen on localhost:*
Date: Thu, 15 Jun 2000 12:51:27 +0100 (BST)

On Wed, 14 Jun 2000, Jim Gettys wrote:

> Fundamentally, you have to get things secure in the first place....
> Putting your head in the sand and disabling network access will just
> delay your trouble.

Ah, the "get things right, don't bury your head in the
sand" argument. It's a fine theoretical argument but in practice it simply
_does_ _not_ _work_.

I've come to the above conclusion after spending lots of time working on
security and in particular auditing.

The unfortunate truth is that people will makes mistakes in code. And the
auditors will make mistakes in auditing. As time goes forward, new ideas
and code subversion techniques become more advanced. I've suffered the
disappointment of having security holes found in packages which I had
audited and believed relatively secure.

The solution is to minimize risks. You do this by a two step process
1) Audit the code
2) If practical, disable the risk (inet listening) by default

It's already been shown that in the case of GNOME, disabling inet CORBA
sockets is exceptionally practical - even the average more advanced GNOME
user wouldn't know the difference.

Oh... hang on.. isn't this sounding familiar? Perhaps we've all heard of
OpenBSD? They use the above two step process to great effect. No, I'm not
advocating disabling _every_ listening port by default[1], but certainly
ones like GNOME CORBA inet sockets.

Cheers
Chris

[1] It would for example be foolish to disable port 80 by default on a
"web server" class install :-)

References:
- Re: make gnome listen on localhost:*
  - From: Jim Gettys

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]