alt Hacker NewsJust have sane firewall rules and you are good. E.g. if I install openssh-server and it auto starts, it doesn't make it out of my machine because my nftables does not allow inbound on port 22. It's just knowing the default behaviour and adjusting your practices for it.
Replies
rbanffy • last Sunday at 1:30 PM
A sane firewall won't protect you from privilege escalation from a local attacker. While unlikely, this is one more breach that could be exploited.
➕ show 1 reply
account42 • last Monday at 9:14 AM
This is the "you're holding it wrong" response to a clear design issue.
teo_zero • last Sunday at 7:19 AM
Aren't firewall rules part of the "configuration" the OP talked about?
➕ show 1 reply
That is a workaround for a ridiculous issue.