ubuntu-phone team mailing list archive

[Matthias Apitz <guru@xxxxxxxxxxx>]

El día Friday, April 03, 2015 a las 09:47:33PM +0200, Michał Sawicz escribió:

> >> Isn't not listening on any outside port better than putting a firewall
> >> on the device? If you find a service that is actually listening on the
> >> device, that'd definitely be a bug that needs fixing.
> > 
> > The device is at least (after enabling SSH) listening on port 22.
> 
> Yes, after enabling it, which is a developer thing to do.

Yes, but after enabling this, it is always there; and even in dev mode
it could be protected by some access-list, or firewall;

> >> Can you describe an attack vector you're imagining that would require a
> >> firewall to be installed on the device?
> > 
> > The above mentioned port 22 and any other any app may LISTEN on.
> 
> Apps are confined, they can not open ports to listen on.

I dod not knew this, that apps can not open any LISTEN.

And, what about DSO attacks?

	matthias
-- 
Matthias Apitz, guru@xxxxxxxxxxx, http://www.unixarea.de/ +49-170-4527211
"Wenn der Mensch von den Umständen gebildet wird, so muß man die Umstände menschlich bilden."
"Si el hombre es formado por las circunstancias entonces es necesario formar humanamente
las circunstancias", Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)