Re: Gnome and WM
- From: Desync <desync nwlink com>
- To: gnome-list gnome org
- Subject: Re: Gnome and WM
- Date: Tue, 23 Jun 1998 12:42:55 -0700
Ian Wells wrote:
>
> Um. Traditionally, you block all ports >1024 and use passive FTP if
> you want to stop this sort of attack. This is a reasonably sensible
> precaution in any case, Gnome or no Gnome.
Uhhh. Not really. This also stops any DCC's on irc, and web browsing.
Remember, I would have to block all incoming packets that were coming to
ports >1023, which could be a socket binded to a website for all I
know..
This isnt a solution. I dont think I want to block off all my ports for
a panel manager. Its never been a security problem before running it.
>
> Having said that, there's security issues with any CORBA interface
> exported by your desktop at the moment, since any user on the local
> machine can use it. I imagine this is an issue we can deal with
> later, using the X authority security system (since anything
> interested in your desktop's advertised services is also going to have
> to have the key to allow it to access your X server).
>
> Ian.
Possibly, you could assign specific port ranges for the applets and
panel. Does every applet require its own binded socket?
I hope this problem is looked at and fixed, as I wouldnt want to see
some sort of buffer overflow exploit hit bugtraq.
Which looks like at the moment is possible.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]