[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: RFE: FireKit



Michael Cronenworth wrote:
Ahmed Kamal on 07/23/2009 04:54 PM wrote:
Exactly the point, the user shares his desktop, or starts some service
using the services GUI, and FireKit should offer to help. Moreover, this
actually would improve desktop security, since without FireKit, a
typical user after wasting half an hour, would understand it was the
firewall blocking him, and would simply disable it for good. This
happens on any OS. However, with FireKit, pro-actively offering to help
the user, and requesting by default a limited time-window for opening
the ports, actually ensures a better desktop security

The user should simply be prompted:

"Do you want "Vino Remote Desktop" to be allowed network access?"
(Yes or No)

I have to ask... when are we going to see Linux allow network access based on the checksum of the process that wants to use it? After all, 'doze has had this ability for years. (Maybe SELinux can provide this already?)

Having said that, something like FireKit is obviously a step in the right direction. I presume in addition to <time> there will be options to open a port 'forever', 'until reboot', 'until the process using the port goes away'.

Also, "Do you want <app> to be allowed to accept connections from the network?" :-) ...outbound access != inbound access.

--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
"What is a release plan, anyway?" -- Oswald Buddenhagen
  ...who I'm sure did not mean it seriously ;-)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]