Red Hat Bugzilla – Bug 13199
GNOME desktop listens on many TCP sockets
Last modified: 2008-05-01 11:37:56 EDT
The default GNOME desktop, when fired up, listens on multiple TCP sockets.
Risks like that should be left to users who pick server class installs, not
desktop class installs!
Between GNOME-1.0 and GNOME-1.2, the GNOME team stopped gnome-session
listening on TCP with libICE. That's a step forward but the current
situation is exposure of libORBit code to the network.
Recent intense debate on gnome-list concluded with a large majority, that
listening on TCP sockets in default configuration is mad. The functionality
to risk ratio is _way_ over towards risk (even advanced GNOME users don't
need TCP listening panel applets).
Debian fix this by putting a global config directive in /etc/orbitrc.
However I'm not sure we can persue that. As Elliot Lee rightly points out,
libORBit might be used by something other than GNOME, which makes disabling
the ORB's TCP sockets less desirable.
Something definitely needs to be done, though..... I'd love to see RH7.0
take a step forward in the desktop security department.
Elliot, we have to give some sort of compromise on this issue. There is too much
traffic about it.. we need something.
Here's a thought.
Debian use /etc/orbitrc to disable listening sockets. We all agree that doing
this on a system-wide scale is a little excessive, however.
So why not include a safe .orbitrc in /etc/skel? This gets us the following
- A safe default for all desktop users
- Any system CORBA application will be able to use TCP sockets unimpeded
(assuming of course it correctly doesn't run under a user account)
For what it's worth (and Elliot's silence would appear to indicate that he
doesn't think any of this discussion is worth much) as an ORBit user (outside of
GNOME) I'd much rather it was disabled.
We have fairly granular CORBA services on server machines, and very few of them
need to be exposed to the outside world.
Your strong opinion is already well known. However, I don't think it counts as
representative of the user base. :)
This defect is considered MUST-FIX for Winston Beta-5
This defect has been re-classified as MUST-FIX for Winston Gold-release
Here's another datapoint
- A recent Helix GNOME update has disabled TCP listening ORBit sockets. The
mechanism is /etc/orbitrc.
To be honest I suddenly realised that maybe the number of people pissed at
listening by default, exceeds the number of people who would be inconvenienced
by it being turned off be default.
Why not use the public BETA, BETA-5 as a testing ground? Disable listening
sockets in /etc/orbitrc, like Debian and Helix, and see what kickback you get.
Tick... tick... tick... that's the countdown to the public beta ;-)
Seems to be fixed in BETA5, nice one.
For the record, I've fired up the KDE pre-2.0 desktop. It still listens on no
TCP sockets by default which is good.