[maemo-developers] Security Guidance for N800 OS development

From: Paul Klapperich maemo.org at bobpaul.org
Date: Tue Feb 20 18:12:32 EET 2007

On 2/20/07, Simon Budig <simon at budig.de> wrote:
> I guess you are missing the point here: Usually a nokia tablet does not
> have internet services running. Asking for iptables is like asking for a
> padlock, when your house does not have any doors. In that case the lock
> would not at all improve the security.

The internet tablet runs an Xserver for one. Use nmap on your PC to scan
your Nokia. It has open ports. Marius had specifics earlier.

Regardless, people /are/ running additional services on their devices. I run
xserver--which has no security except it only runs when I tell it to--as
well as privoxy, and openssh. Yes, I have the latter two packages set to
only allow connections from localhost, but what if there's a bug that allows
remote hosts under some situations; buffer overflows, for example. If I had
iptables I could also specify that to drop packets from untrusted sources.

> So far you have not yet specified *why* having iptables on the device
> would help with the security.

Umm.. Because it's a firewall. That's the purpose of a firewall: to improve
security. Can you think of any way it might harm security? Or any harm it
might do aside from making the kernel a little larger? IMHO, anything
internet connected should have some sort of firewall. Since we have a Linux
kernel, it would make most sense to have iptables.

And that's all I'm going to say. It looks like this is about to turn into a
flame war, so I'm stepping out. Cheers!

