Browser mode for nautilus

David Zeuthen davidz at redhat.com
Mon Oct 27 19:53:30 UTC 2008


On Mon, 2008-10-27 at 15:25 -0400, seth vidal wrote:
> If you'd like to have a CV-off with regard to security awareness and
> actual experience maintaining and securing systems and networks, I'd
> be happy to do so.

This is classical. Didn't they teach you that bad security is worse than
no security? Here's the thing: today the default install of the desktop
is broken when it comes to file sharing. It's kinda hard to disagree
with that, so I'm going to go ahead and assume you at least agree with
that.

Hence, if people want to share files using, say, Rhythmbox (and they
do), they are left with either

 1. Turning off the firewall
 2. Configuring iptables(8) or using system-config-firewall

Now, let me explain to you how RB/Banshee/gnome-user-share works. They
allocate a random high port number. Now, before you complain that you
think this is broken you have to understand why this is so.

The programs have to do this because you may have several sessions or
instances running. So in general you can't really predict the port
number (or even range) to use since the user may add new services that
share stuff on the network.

So in general 2. won't really work (because you'd have to update it
dynamically) so users of course resort to 1. Wow, what's that thing
going out the window? That other useful stuff that we might have
configured the iptables(8) stack with except for blocking ports.

Also, the user interface of both iptables(8) and system-config-firewall
is useless and scary. Even for me. Thus, people are left with doing 1.
Lose.

But then again, I don't have that CV saying I know about security (or
maybe I do and its mere existence is classified).

> Disabling firewalls on individual systems be they desktops or servers is
> a BAD idea. Full stop.

Your opinion is noted. I respectfully disagree. I'd suggest looking at
how current malware (including Skype) works. It would probably also be
useful for you to realize just how ubiquitous the HTTP protocol is and
what kind of users it has (hint, more than HTML pages).

(FWIW, for a long time my position was that we should just have a
system API to allow trusted apps to poke a hole in the local firewall
(after determining its port number) after user confirmation via things
like PolicyKit. This can be done in a secure way most of the time
because the actual program for sharing doesn't link to things like GTK+.
E.g. it can be made secure the same way setuid binaries are secure. But
I now think that's a terrible user experience plus I also think our
current "firewall" is nothing more than snake oil.)

> I wanted to make sure there was no doubt that disabling firewalls is NOT
> something anyone should do.

No, you wanted to make people aware of your _opinion_. Of which quite a
few people, including yours truly, disagree.

     David
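
The port-allocation point made above (a sharing app binds whatever free high port the kernel hands it, so no rule written in advance can match it, and a hole can only be opened after the app has learned its own port) can be shown in a few lines of Python. This is an added example and not code from Rhythmbox, Banshee, gnome-user-share, or the author of the message; the 127.0.0.1 bind address, the 20000-20009 probe range and the fallback 32768-60999 ephemeral range are assumptions chosen for the demo, and the iptables argv is built and printed but never executed, since that would need root and is exactly the step a PolicyKit-style confirmation would sit in front of.

```python
"""Added example: why a static firewall rule cannot cover a sharing service
that binds port 0, and what a dynamically derived rule (or a fixed-range
alternative) looks like. Not code from any of the programs named above."""
import socket

PROC_RANGE = "/proc/sys/net/ipv4/ip_local_port_range"  # Linux only


def ephemeral_range():
    """Return (low, high, source) for the kernel's ephemeral port range.
    Reads /proc on Linux; elsewhere falls back to an assumed typical
    Linux default so the rest of the demo still runs."""
    try:
        with open(PROC_RANGE) as f:
            low, high = (int(x) for x in f.read().split())
        return low, high, "proc"
    except OSError:
        return 32768, 60999, "default"  # assumption, not read from the kernel


def _listening_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    return s


def bind_ephemeral(host="127.0.0.1"):
    """Port 0 asks the kernel for any free high port. A second instance
    gets a different one, which is why no pre-written rule can match:
    the app only knows its port after bind(), via getsockname()."""
    s = _listening_socket()
    s.bind((host, 0))
    s.listen(1)
    return s, s.getsockname()[1]


def bind_in_range(first, last, host="127.0.0.1"):
    """Alternative design: probe a fixed range so one range rule covers
    every instance. Raises once the whole range is in use."""
    for port in range(first, last + 1):
        s = _listening_socket()
        try:
            s.bind((host, port))
            s.listen(1)
            return s, port
        except OSError:
            s.close()
    raise RuntimeError(f"no free port in {first}-{last}")


def accept_rule(port, proto="tcp", chain="INPUT"):
    """argv for an iptables rule opening exactly this port. Built, not run:
    it is what a privileged helper would show the user before applying."""
    return ["iptables", "-I", chain, "-p", proto,
            "--dport", str(port), "-j", "ACCEPT"]


def accept_range_rule(first, last, proto="tcp", chain="INPUT"):
    """argv for the single static rule a fixed-range design would need."""
    return ["iptables", "-I", chain, "-p", proto,
            "--dport", f"{first}:{last}", "-j", "ACCEPT"]


if __name__ == "__main__":
    low, high, src = ephemeral_range()
    print(f"kernel ephemeral range: {low}-{high} ({src})")
    a, pa = bind_ephemeral()
    b, pb = bind_ephemeral()
    print(f"two instances got ports {pa} and {pb}; a rule per instance:")
    print("  " + " ".join(accept_rule(pa)))
    print("  " + " ".join(accept_rule(pb)))
    c, pc = bind_in_range(20000, 20009)
    print(f"range-bound instance on {pc}; one static rule covers them all:")
    print("  " + " ".join(accept_range_rule(20000, 20009)))
    for s in (a, b, c):
        s.close()
```

Run it twice and the port-0 instances land on different numbers each time, while the range-bound instance stays inside 20000-20009; that difference is the whole reason option 2 above fails for the port-0 design and why any "poke a hole" helper has to take the port as input rather than guess it.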





More information about the Fedora-desktop-list mailing list