Browser mode for nautilus
Dan Winship
dwinship at redhat.com
Tue Oct 28 14:01:04 UTC 2008
David Zeuthen wrote:
> On Mon, 2008-10-27 at 15:51 -0400, seth vidal wrote:
>> We have a number of applications that end of listening on random ports.
>> At which point the system is vulnerable (or sometimes just the user) is
>> vulnerable to whatever those daemons are vulnerable to.
>
> The solution here would be to confine these daemons with SELinux
>> If the process needs to be able to listen on an external port then that
>> needs to be enabled separately. You don't just turn off all the rules as
>> a solution.
>
> However, I'd argue that people end up doing this anyway.
Yes, and I suspect a large percentage of the people who are turning off
the firewall because it keeps them from getting work done are also
turning off SELinux because it keeps them from getting work done. So...
-- Dan
More information about the Fedora-desktop-list
mailing list