bittorrent in core? what frontend?

Jesse Keating jkeating at j2solutions.net
Sat Dec 17 21:17:54 UTC 2005


On Sat, 2005-12-17 at 16:04 -0500, Sean wrote:
> It's a low risk feature that adds significant ease of use for the user.  
> You haven't shown at all how it could be exploited.

If I knew how it could, I would have alerted upstream and vendors to get
a CVE assigned and a fix coordinated.  Unfortunately not all folks who
discover flaws act in this way.

With a port forward, any traffic at all can be pushed to the client.
Who knows what kind of overflows or whatnot may be in the client
software, that could lead to something which the client has rights to
do, such as 'remove your temp files, which are ~/*'.  My point is that
forwarding ports is a risk.  Sure it could just wipe your user files,
but maybe it could do more.  I don't know, I am not a security expert.
Forwarded ports are much different than established/related packets.
Unassociated traffic can come in at will.  This kind of risk needs to be
something a USER assumes, not a distribution.

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating



