Firewall Wizards mailing list archives
Re: X server in a Firewall
From: Chuck Swiger <chuck () codefab com>
Date: Tue, 24 Jan 2006 21:55:10 -0500
John M wrote:
On remote access:

Web servers tend to increase the risk, as does any remote technology.

OK. But what is your recommendation to a Fortune 500 company? :) That is, if Coca-Cola wanted a Unix-based firewall and _wanted to manage it through a graphical interface_, what would you suggest? An X server running in a firewall sounds bad, but a web server or ssh server could be even worse (key logger on the management station or buffer overflow in the ssh or web daemon, and both run as root, so as to have permission to change the fw rules).

In terms of their security history, OpenSSH isn't perfect, but comparing it to X11 is pretty amusing. Which one would you rather audit for poorly written code, potentially exploitable buffer overflows, and other security vulnerabilities:

5-pi% cd /usr/ports/distfiles && ls -lh openssh-4.2p1.tar.gz xorg/X11R6*
-rw-r--r--  1 root  wheel   893K Sep  1 02:30 openssh-4.2p1.tar.gz
-rw-r--r--  1 root  wheel    31M Feb 25  2005 xorg/X11R6.8.2-src1.tar.gz
-rw-r--r--  1 root  wheel   3.8M Feb 25  2005 xorg/X11R6.8.2-src2.tar.gz
-rw-r--r--  1 root  wheel   9.9M Feb 25  2005 xorg/X11R6.8.2-src3.tar.gz

...?

--
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards