kdeinit - kio - stand alone

M.H listinfo at club-internet.fr
Fri Sep 20 20:38:12 BST 2002

On Friday 20 September 2002 21:05, Michael Leone wrote:
> M.H said:
> > Is there a way to have kde applications to access to network interface
> > without having them to use the kdeinit : kio .. parent processes?
> > For instance I would like kmail to use directly my network interface
> > (ethX or pppX). It is extremely *unsecure* to have all kde applications
> > accessing network interfaces by only one parent process. The main reason
> > is that it is very hard to have control on them.
> I'm confused ... do you want to lock down a workstation, so that only
> certain types of traffic goes out? 

Well, I'm talking in the perspective of desktop use of linux (that will be, I hope, in
a very near future for the mass).
Yes I would like the workstation to have control on the outgoing traffic.

> Wouldn't it be a whole lot easier to
> just use a dedicated firewall/gateway?

For a joe user, I don't think that he will go and buy another computer for a dedicated use! :)

> You can then use iptables rules on
> it, customized per user (well, per IP), and per protocol/port,

But you still don't know *who* (the application) is going out. 2 applications can use the same protocol and port.
Maybe you've guessed the fear: malicious applications that use internet access without letting you know. Let's take the free divxplayer.
It uses port 80 to call home to register or check updates. If you block your outgoing port 80, that is really locking :).
Some commercial applications do the same.
But with a restrictive ruleset, you can allow a PID 'mozilla-bin' or 'any-other-pid-name-that-you-want-to-allow' and you have control on your
outgoing traffic. 

> without
> worrying about having to do a major re-write of KDE.

This message is from the kde mailing list.
Account management:  http://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
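
Added example, not part of the original message: a Python illustration of the point made in the thread that two programs can use the same protocol and port, so only the owning process tells their traffic apart. The `/proc/net/tcp` text, the inode-to-process map and the allow-list are constructed, and the address decoding assumes a little-endian Linux host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0201A8C0:8124 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 4101 1
   1: 0201A8C0:8125 076433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 4102 1
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4103 1
"""

# Constructed inode -> process-name map; on a live system this comes from
# resolving the "socket:[inode]" links under /proc/<pid>/fd.
SOCKET_OWNERS = {4101: "mozilla-bin", 4102: "divxplayer", 4103: "sendmail"}

ALLOWED = {"mozilla-bin"}  # assumed policy: the only program allowed out
ESTABLISHED = "01"         # TCP state code used in /proc/net/tcp


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' (IPv4, little-endian address) into (ip, port)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def outbound_by_process(table, owners):
    """Yield (process, remote_ip, remote_port) for each established socket."""
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != ESTABLISHED:
            continue  # ignore listeners and malformed rows
        ip, port = decode_endpoint(cols[2])
        yield owners.get(int(cols[9]), "unknown"), ip, port


def unapproved(table, owners, allowed):
    """Connections whose owning process is not on the allow-list."""
    return [c for c in outbound_by_process(table, owners) if c[0] not in allowed]


if __name__ == "__main__":
    for proc, ip, port in outbound_by_process(PROC_NET_TCP, SOCKET_OWNERS):
        verdict = "ok" if proc in ALLOWED else "NOT APPROVED"
        print(f"{proc:12} -> {ip}:{port}  {verdict}")
```

Both established connections go to port 80, so a port-based rule treats them identically; only the socket-to-process mapping separates the allowed browser from the other program.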