[maemo-developers] Security Guidance for N800 OS development

From: Daniel Stone daniel.stone at nokia.com
Date: Wed Feb 21 01:30:26 EET 2007 
On Tue, Feb 20, 2007 at 04:34:21PM -0600, ext Paul Klapperich wrote:
> Nokia really doesn't have to do anything to "guarantee" that 3rd party apps
> are safe, but I would certainly trust the integrity an official iptables
> compiled by Nokia. They certainly have something to loose by somehow
> subverting it, so I would trust it. And as it really wouldn't take anything
> more than a checking the option in the kernel config before building, I
> really don't think this is any additional burden to them.

Okay, so what are you going to do with this iptables package?  As far as
I can tell, there are two options:
  a) nothing;
  b) iptables -P INPUT DROP; iptables -A INPUT -m state --state
     ESTABLISHED,RELATED -j ACCEPT

a) provides no change over the status quo.
b) provides no change over the status quo, except that it encourages
people to have open ports.  It would mean that people who wanted to
listen to the outside world have to explicitly punch a hole in the
firewall.  Right now, people who want to listen to the outside world
have to explicitly open a socket on that interface, which to me is a
pretty clear statement of intentions.

I just don't see why you would want it.  How would it make things more
secure, at all, except for the warm fuzzies that come from having a
firewall?  It provides no practical benefit in any case which isn't
hopelessly contrived.

Cheers,
Daniel (not responsible for this decision, not speaking for N, etc etc)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.maemo.org/pipermail/maemo-developers/attachments/20070221/e8f1e519/attachment.pgp
More information about the maemo-developers mailing list