Bug 13199
Summary: | GNOME desktop listens on many TCP sockets | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Chris Evans <chris> |
Component: | ORBit | Assignee: | Elliot Lee <sopwith> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 7.1 | CC: | matthew, notting, pbrown |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-07-31 21:56:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chris Evans
2000-06-28 22:18:13 UTC
Elliot, we have to give some sort of compromise on this issue. There is too much traffic about it.. we need something. Here's a thought. Debian use /etc/orbitrc to disable listening sockets. We all agree that doing this on a system-wide scale is a little excessive, however. So why not include a safe .orbitrc in /etc/skel? This gets us the following - A safe default for all desktop users - Any system CORBA application will be able to use TCP sockets unimpeded (assuming of course it correctly doesn't run under a user account) For what it's worth (and Elliot's silence would appear to indicate that he doesn't think any of this discussion is worth much) as an ORBit user (outside of GNOME) I'd much rather it was disabled. We have fairly granular CORBA services on server machines, and very few of them need to be exposed to the outside world. Matthew, Your strong opinion is already well known. However, I don't think it counts as representative of the user base. :) This defect is considered MUST-FIX for Winston Beta-5 This defect has been re-classified as MUST-FIX for Winston Gold-release Here's another datapoint - A recent Helix GNOME update has disabled TCP listening ORBit sockets. The mechanism is /etc/orbitrc. To be honest I suddenly realised that maybe the number of people pissed at listening by default, exceeds the number of people who would be inconvenienced by it being turned off be default. Why not use the public BETA, BETA-5 as a testing ground? Disable listening sockets in /etc/orbitrc, like Debian and Helix, and see what kickback you get. Tick... tick... tick... that's the countdown to the public beta ;-) Seems to be fixed in BETA5, nice one. For the record, I've fired up the KDE pre-2.0 desktop. It still listens on no TCP sockets by default which is good. |