Re: Gnome and WM



Ian Wells wrote:

> 
> Um.  Traditionally, you block all ports >1024 and use passive FTP if
> you want to stop this sort of attack.  This is a reasonably sensible
> precaution in any case, Gnome or no Gnome.

Uhhh. Not really. This also stops any DCCs on IRC, and web browsing. 
Remember, I would have to block all incoming packets that were coming to
ports >1023, which could be a socket bound to a website for all I
know..

This isn't a solution. I don't think I want to block off all my ports for
a panel manager. It's never been a security problem before running it.

> 
> Having said that, there are security issues with any CORBA interface
> exported by your desktop at the moment, since any user on the local
> machine can use it.  I imagine this is an issue we can deal with
> later, using the X authority security system (since anything
> interested in your desktop's advertised services is also going to have
> to have the key to allow it to access your X server).
> 
> Ian.

Possibly, you could assign specific port ranges for the applets and
panel. Does every applet require its own bound socket?

I hope this problem is looked at and fixed, as I wouldn't want to see
some sort of buffer overflow exploit hit bugtraq.

Which, at the moment, looks like it is possible.
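
Added example, not part of the original message or of any GNOME code: a Python check that separates the two kinds of high-port socket this thread argues over, by listing only LISTEN sockets on ports >1023 that are bound to a non-loopback address and ignoring the ephemeral ports used by outgoing connections. It assumes the Linux `/proc/net/tcp` layout (IPv4 only); the sample table and the function names are constructed for illustration.

```python
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:8C3D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0100007F:9C41 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1004 1
   4: 0A00000A:D431 010200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1005 1
"""


def decode_ipv4(hex_addr):
    """Decode an address field (little-endian hex, as on x86 hosts)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def exposed_listeners(table):
    """Return (address, port, uid) for LISTEN sockets on ports >1023
    that are bound to a non-loopback address."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue  # established sockets on ephemeral ports are not listeners
        hex_addr, hex_port = fields[1].split(":")
        addr, port = decode_ipv4(hex_addr), int(hex_port, 16)
        if port > 1023 and not addr.startswith("127."):
            found.append((addr, port, int(fields[7])))  # fields[7] is the owning uid
    return found


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live socket table on Linux
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample
    for addr, port, uid in exposed_listeners(table):
        print(f"uid {uid} listens on {addr}:{port}")
```

In the constructed sample only the uid 1000 listener on 0.0.0.0:35901 is reported; the loopback listener on port 40001 and the outgoing connection from port 54321 are not.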


