bittorrent in core? what frontend?
Sean
seanlkml at sympatico.ca
Sat Dec 17 12:41:13 UTC 2005
On Sat, December 17, 2005 7:22 am, Michael A. Peters said:
> I would NOT want that.
> I've got that turned off on my Linksys - I don't want any ports at all
> open for forwarding that I haven't specifically opened for forwarding.
>
> Last thing I want is someone at my house running some program that opens
> up port forwarding on my router.
Well of course that's your decision to make, but we shouldn't force that
decision on everyone.
> That has to be done as root, so it has to either be in Anaconda - or in
> a system-config tool. I personally vote for the latter, I think Anaconda
> is too complicated as it is. OS X (at least 10.1 - haven't installed
> anything later) has a sweet and simple installer. But anyway, that's
> just my opinion. Linus Torvalds will probably tear me a new one for
> wanting an installer targeted at dumb users ;)
Well it can be handed off to a "root" process via dbus which imposes all
the necessary security. We don't want to make this an install time
option, especially for peer services like BT. You don't want a static
firewall rule for a process that is only running occasionally. No, what
you want is an appropriate firewall rule set only for the time that BT is
actually running. Anything else is a security risk in itself.
> The problem with that is that root is required.
> I know some Windows firewalls do that - but only if you are running as
> admin.
This is a pretty easily solved techinical hurdle. A user/application
combo that has been given permission to open ports could pass the request
off to a thread/process with enough permission to handle the task without
a problem. dbus seems like a natural fit for this. I would argue that
something along this line is the only way to avoid the security risk of a
static firewall rule for an application that only runs intermittently.
Sean
More information about the fedora-devel-list
mailing list