2012/10/18 Matthew Paul Thomas <m...@canonical.com> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nicolas Michel wrote on 17/10/12 07:23: > > > > I think what Brian wants (correct me if not) is an application > > level firewall. On Windows most antivirus do it : you get a popup > > when an application try to access something you didn't already > > allowed to. I think what should be done is an AppArmor graphical > > frontend (with notifications). > > If anyone would like to implement that, here's a design I prepared > earlier. <https://wiki.ubuntu.com/Networking#firewall> > > However, Brian specifically mentioned "the logging features of the > application-firewall", not just the firewall itself. > > > ... > > > > But honestly, Linux is not Windows Brian. Every application is > > open-source (except if you installed a propriatary app from the > > net). It means from a security point of view that everyone can > > read the source code (it he has the skill) and see what the > > application do exactly. > > As Ma pointed out, this is less true as USC sells more proprietary > applications.
Maybe it should be the Canonical/Ubuntu responsibility to provide an AppArmor profile for each proprietary app which is proposed. That profile should be asked by the propriatary dev (saying what they need to access to), validated and created by the ubuntu maintainer of that app. So even if the devs of the propriatary app change the behavior of the app, it won't be allowed without changing the AppArmor profile and so, everyone will know it. Even if it was true, though, I expect it would be much > easier to figure out what a program is doing network-wise by running > something like wireshark, than by reading the source code for the > application and all its dependencies. > - -- > mpt > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ > > iEYEARECAAYFAlB/uXIACgkQ6PUxNfU6ecqjuQCgpKCoOsdzbFvotkeXoysLAFA7 > VAIAnRxRkP9zFdCKsjBmeCKmFVaAW518 > =HcXw > -----END PGP SIGNATURE----- > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss > -- Nicolas MICHEL
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
