Re: make gnome listen on localhost:*



On 06/14/00 17:43:17 -0700 Jim Gettys <jg@pa.dec.com> wrote:
+-----
| Fundamentally, you have to get things secure in the first place....
+--->8

But the first step to security is not leaving open network ports that 
aren't being actively used.  The second step is to not run anything that 
hasn't passed a security audit except on secure *disconnected* (*not* 
firewalled!) subnets.

| I don't know about you, but I run a network even at home, and it is
| clear that this is becoming common.  Even my PDA goes on the net, and I
+--->8

Sure.  I'm on the network virtually continuously.  That doesn't mean I want 
my desktop to be actively soliciting connections from anyone, and it 
doesn't mean that I should need to rely on a firewall to correct for my 
desktop's promiscuity.  If I want to allow network access to something on 
my desktop, *I will specifically enable that access*.  Otherwise... well, 
ActiveX is suddenly starting to look downright secure.

| Gnome should be following X's original vision, that of being able to run
| applications wherever is appropriate, with the display in front of you.
+--->8

Uh, with respect, X is *the* prime example of a network application with no 
serious concern for security in its design.  If I run X with TCP enabled 
(naturally, it's the default...) I *have* to run a firewall to have any 
security.  Which is dead wrong, because

1. it's a band-aid for insecure applications

2. firewalls as primary security policy are false security because you 
can't make them *reliably* deal with all possible acceptable vs. 
unacceptable access.  Not even with application proxies or stateful 
firewalls; there are well known ways to spoof both.

It is correct to say "fix the security holes in the application, don't just 
disable network access"; it is completely incorrect to say "leave it on the 
network by default until the security holes are fixed".

When ORBit has passed a third party security audit, you can enable TCP by 
default.  Until then, it's just begging for trouble.

-- 
brandon s. allbery     [os/2][linux][solaris][japh]    allbery@kf8nh.apk.net
system administrator        [WAY too many hats]          allbery@ece.cmu.edu
electrical & computer engineering                                      KF8NH
carnegie mellon university      ["better check the oblivious first" -ke6sls]
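
Added example, not part of the original message: one way to check a Linux desktop for the condition argued against above, TCP listeners bound to anything other than loopback. It parses the `/proc/net/tcp` layout (IPv4 only; a little-endian host is assumed), and the sample rows and the function names are constructed for illustration.

```python
import ipaddress
import os
import struct

LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002 1
   2: 0100007F:A1B2 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""


def parse_listeners(text):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the address as a host-order integer; on a
        # little-endian host (assumed here) repacking with "<I" restores it.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(port_hex, 16), int(fields[7])))
    return found


def exposed(text):
    """Listeners reachable from the network: bound to a non-loopback address."""
    return [(str(ip), port, uid)
            for ip, port, uid in parse_listeners(text)
            if not ip.is_loopback]  # 0.0.0.0 (all interfaces) is flagged too


if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for ip, port, uid in exposed(text):
        print(f"non-loopback listener {ip}:{port} (uid {uid})")
```

In the constructed sample only the socket bound to 0.0.0.0 on port 6000 is reported; the two 127.0.0.1 listeners and the established connection are not.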



