kdeinit - kio - stand alone

Sat Sep 21 06:49:59 BST 2002

Le Samedi 21 Septembre 2002 06:44, Mike Leone a écrit :
> * M.H (listinfo at club-internet.fr) wrote this on 09 20, 02 at 15:33:
> > Le Vendredi 20 Septembre 2002 21:05, Michael Leone a écrit :
> > > M.H said:
> > > > Is there a way to have kde applications to access to network
> > > > interface without having them to use the kdeinit : kio .. parent
> > > > processes? For instance I would like kmail to use directly my network
> > > > interface (ethX or pppX). It is extremely *unsecure* to have all kde
> > > > applications accessing network interfaces by only one parent process.
> > > > The main reason is that it is very hard to have control on them.
> > >
> > > I'm confused ... do you want to lock down a workstation, so that only
> > > certain types of traffic goes out?
> >
> > Well, I'm talking in the perspective of destop use of linux (that will
> > be, I hope, in
>
> So was I. :-)
>
> > Yes I would like the workstation to have control on the outgoing traffic.
> >
> > >Wouldn't it be a whole lot easier to
> > > just use a dedicated firewall/gateway?
> >
> > For a joe user, I don't think that he will go and buy another computer
> > for a dedicated use! :)
>
> Of course not; they do what most Linux users do, and re-use an old
> 486/Pentium 1 with 2 NICs. :-)

And what to do in the case of someone who is using linux on a laptop, and travel with it? :)
That is that case here. And  what a hassle, to set another computer just for 
firewalling. In a productive point of view and easy to use for Mr Everyone, that doesn't sound
reasonable. Why switch on 2 computers just for using one....

>
> Like I have done for 3 or 4 years, even when I only had
> dialup.  I pulled my Pentium 100 (literally) out of the trash pile at
> work, and if you use LEAF <http://leaf.sourceforge.net>, you don't even
> need a hard drive, just a floppy.
>
> > But you still don't know *who* (the application) is going out. 2
> > applications can use the same protocol and port.. Maybe you've guessed
> > the fear : malicious applications that use internet access without
> > letting you know. Lets take the free divxplayer.
>
> On Linux? Doubtful. :-) But possible.

What T mean by malicious code is any code that do 'secretly something'.
Of course, when you have source code you can trust in the application
(even if you don't know how to read the code, but know that in the community,
there are people who do it and will let everyone know if something wrong).
But if you install a binary and don't have the code source, the only way to trust
it is to trust your security setting.
If linux becomes a Mr everyone's OS,  there will be more commercial software
that will be provided without source code, and you'll need to secure your OS
against those trojan-like behaviours.
That is why, I needed to know if it is possible to detach kmail, konqueror
and so on.. from the kio parent process. Because, kio is something like a tunnel,
but open for any applications. And if you open the tunnel, any application 
have access to the Internet. But if you close it, no kde applications using kio
can access to Internet. 
Of course I could also switch to another mailer and for the other applications to their
equivalent but not kde applications and just use kde for windows managing.
I like using kmail, it is simple and have the features I need, but would like to have a little more control on it :)
Without needing to give more rights to the other kde applications :)

>
> ___________________________________________________
> This message is from the kde mailing list.
> Account management:  http://mail.kde.org/mailman/listinfo/kde.
> Archives: http://lists.kde.org/.
> More info: http://www.kde.org/faq.html.

___________________________________________________
This message is from the kde mailing list.
Account management:  http://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.