Mailinglist Archive: opensuse-factory (564 mails)
Re: [opensuse-factory] Re: [opensuse-kernel] debugfs mounted by default - necessary to remove?
- From: "Brian K. White" <brian@xxxxxxxxx>
- Date: Thu, 08 Dec 2011 19:40:29 -0500
- Message-id: <4EE158FD.3050406@aljex.com>
On 12/7/2011 1:44 PM, Linda Walsh wrote:
Cristian Rodríguez wrote:
On 07/12/11 10:49, Marcus Meissner wrote:
"principle of least privilege" is probably the better wording.
Which usually becomes the "principle of least possible usability" :-(
----
Bingo.
Principle of least privilege is great for systems designed to constrain and control users. You want to keep users under your thumb and allow them nothing unless they need it. That's how the US government is becoming...

The alternative is 'freedom' -- and educating users how to responsibly use that freedom. But in doing that -- you create users with more 'self power' -- not good if you are trying to center/gather power at the top.

The US was built in an attempt to create a shared and distributed, on the idea that it would grow best by giving local authorities carte blanche except in key areas needed to be controlled by the central authority.

Unix was created in the same spirit -- to enable people .. not to control them (look to VMS/IBM for those OS's). Those controlling OS's are all but dead, and the innovation coming from those under those systems is likely VERY different from the level of innovation of someone developing on an open platform.

In short. A desire for a 'controlled/controlling' system to be the 'default' is a reflection of wanting to dominate and control users -- which will lead to lower productivity (which has happened in the US as more freedoms were taken by the government (and made illegal), the US's economy has suffered -- instead of finding fulfillment through work and acquiring new knowledge, people are encouraged to have fun in beer, football, and playing politics to see who can become the most powerful (at the expense of the rest of the players).

Linux/Unix is designed to be open as it was designed to be LEARNED from. We don't want to hide things by *default* ... (which says nothing about making it have the ability to be configured 'closed' -- flexibility and configurability are good things). But the default configuration going out to users -- should be 'open' and transparent. And importantly -- an open source allows end users to discover flaws and more quickly fix them and/or work around them, vs. closed source OS's like *R*X, that had 10's of thousands of bugs filed against it (many from internal people). But policy was to only fix those bugs when a paying customer found them.

The most secure system is one that is open and transparent -- where everyone can see the security code -- but even knowing the formulae, doesn't give them access, or benefit, as the algorithms create authentication tokens on the fly that are not decipherable/decryptable in any useful time period. I.e. it's security through good design, vs. security through obscurity -- and yes, a closed up system is a form of security through obscurity.... you may not be hiding passwords in the code, but you are hiding algorithms in the code, that, in well designed ones, don't give you any advantage. Their advantage is in the algorithm, not whether or not the algorithm is known.

Please think about that Marcus. I'm 100% with you in having the *options* for strong hardening present, but don't think they should be the default... it's not the right mindset for the space, IMO....
-linda
This isn't about freedom. This is simple robust design vs cross-your-fingers-and-pray design.
Yet another analogy that uses already accepted wisdom to make the point that should never have been up for debate in the first place:
This is approximately the same thing as why "you just do not log in as root for day to day use".
You log in as root only when you need to for some specific reason, the rest of the time you operate as a user with vastly reduced privileges.
The reasons why are well explained many times over to every new unix admin, and Windows too for that matter, and the theory is beyond any doubt or debate.
This has nothing to do with freedom. Please do not try to warp the conversation with emotional misdirection.
The ludicrous extreme examples like "turn the machine off and it's even safer" are likewise invalid attempts at misdirection. The electricity is actually a necessary function for most users by default. The fact that the machine is running and does anything at all is a necessary function for most users by default. No one has yet shown that debugfs is a necessary function for most users by default. Can you not view a web page, play an mp3, edit a document, send an email, without debugfs?
I'm not actually saying debugfs is necessarily so horrible, but so far the arguments presented here against the OP's questioning of it being enabled by default for everyone, have been stupid and invalid and have missed the core point of robust design in general, let alone in the security context.
--
bkw
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
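The question under debate is whether debugfs should be mounted, and reachable, by default. As an added example (not from anyone in this thread), here is an audit check an admin can run to see whether debugfs is mounted on a host and whether its uid=/gid=/mode= mount options keep it root-only; the mount lines below are constructed sample input so it runs offline.

```shell
#!/bin/sh
# Report whether debugfs is mounted and how widely it is exposed, judged from
# /proc/self/mounts-style lines.  Constructed sample input stands in for a live
# system so the script runs offline; on a real host pass "$(cat /proc/self/mounts)".

SAMPLE_MOUNTS='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0'

# debugfs_state MOUNTS_TEXT
# Prints one line:
#   absent                          debugfs is not mounted
#   open <mountpoint> <mode>        mounted and not restricted to root by mode=
#   restricted <mountpoint> <mode>  mounted with a mode= whose "others" bits are 0
# Assumption: the kernel honours debugfs' uid=/gid=/mode= mount options.  Without
# an explicit mode= the mount is reported as open, because the root directory's
# default permissions are not visible in the mount table.
debugfs_state() {
    printf '%s\n' "$1" | awk '
        $3 == "debugfs" {
            found = 1
            mode = "default"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^mode=/) mode = substr(opts[i], 6)
            # Last octal digit is the "others" class; 0 means no access at all.
            if (mode != "default" && substr(mode, length(mode), 1) == "0")
                print "restricted", $2, mode
            else
                print "open", $2, mode
            exit
        }
        END { if (!found) print "absent" }'
}

# Tightening a mount the audit reports as open (run as root; not executed here):
#   mount -o remount,mode=700 /sys/kernel/debug   # keep it, but for root only
#   umount /sys/kernel/debug                      # or drop it until it is needed

debugfs_state "$SAMPLE_MOUNTS"
```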