RFE: FireKit
Matthew Woehlke
mw_triad at users.sourceforge.net
Thu Jul 23 22:17:41 UTC 2009
Michael Cronenworth wrote:
> Ahmed Kamal on 07/23/2009 04:54 PM wrote:
>> Exactly the point, the user shares his desktop, or starts some service
>> using the services GUI, and FireKit should offer to help. Moreover, this
>> actually would improve desktop security, since without FireKit, a
>> typical user after wasting half an hour, would understand it was the
>> firewall blocking him, and would simply disable it for good. This
>> happens on any OS. However, with FireKit, pro-actively offering to help
>> the user, and requesting by default a limited time-window for opening
>> the ports, actually ensures a better desktop security
>
> The user should simply be prompted:
>
> "Do you want "Vino Remote Desktop" to be allowed network access?"
> (Yes or No)
I have to ask... when are we going to see Linux allow network access
based on the checksum of the process that wants to use it? After all,
'doze has had this ability for years. (Maybe SELinux can provide this
already?)
Having said that, something like FireKit is obviously a step in the
right direction. I presume in addition to <time> there will be options
to open a port 'forever', 'until reboot', 'until the process using the
port goes away'.
Also, "Do you want <app> to be allowed to accept connections from the
network?" :-) ...outbound access != inbound access.
--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
"What is a release plan, anyway?" -- Oswald Buddenhagen
...who I'm sure did not mean it seriously ;-)
More information about the fedora-devel-list
mailing list