On Fri, Nov 29, 2013 at 6:34 PM, L.A. Walsh wrote:
On 11/29/2013 9:00 AM, Claudio Freire wrote:
On Fri, Nov 29, 2013 at 3:20 AM, L.A. Walsh wrote:
On 11/28/2013 1:13 PM, Claudio Freire wrote:
Standard or not, it's the kind of security mechanism that takes so much effort and knowledge to properly set up, that it HAS to be set up by the distribution, and by default, to be of any value.
---- Then why are firewalls 3rd party applications? They can be just as hard to configure.
They're not. Linux firewalls live in the kernel, and default linux installs (especially openSUSE) have included properly configured firewalls for years. Maybe you're thinking windows.
---- Sorry, firewall != packet routing. The kernel has packet routing. It's not until it is configured to selectively reject or drop packets that it becomes a firewall. Maybe you are forgetting, for example, shorewall? There've been others before that.
Shorewall is an iptables frontend. I don't see how that makes iptables not a firewall.
Well, firing up yast and turning it off isn't rocket science, but sure, an option somewhere on the advanced install procedure couldn't hurt.
---- How would they know it is on or where to go to turn it off if they were new to OpenSuse?
Barring malfunction, if they don't know, they don't need to. If there's a malfunction (or misconfiguration), filing a bug report is what's needed. In any case, turning it off isn't.
So are you saying, or do you believe that if you don't force the security policy on users, it won't be of any value?
Pretty much.
--- Um again, difference between installing it on, or installing pre-configured & off.
Pre-configured and off leaves the majority of the install base unprotected.
Ie: regular users, and that includes many developers, anyone not specialized in linux security in fact, don't really know how to configure something like AppArmor or SELinux, and if they know, they don't want to have to spend the time to do it on every installation.
--- Well, firing up yast and turning it ON isn't rocket science...
Only if it comes pre-configured. Otherwise, it is, since it implies building the profiles.
For the ones that do not know, having it on by default is a necessity, since they won't even think of turning it on. And those are probably over 90% of the target audience.
---- For the ones that do not know opensuse has a non-default security, they won't even know what to turn off, let alone where.
Well, it's a tradeoff. Security of oblivious users wins IMNSHO.
And in this field (security), statistics matter. Securing 1% of the target audience is worth nothing, well, unless that 1% happens to work on a nuclear reactor or something critical like that. But having a good chunk of the install base vulnerable just encourages botnet proliferation, and that's a problem for us all.
---- Documentation? Botnets have not been a problem on Linux -- especially those configured with firewalls. Maybe you are thinking Windows? ;-)
As always in security, you're quite naive[0] (I just googled that, I make no claims about its content). If that were the case, it'd only be because security in linux is taken seriously and by default. What you propose (making it off by default), is the exact opposite.
First thing many product vendors could get right is to not assume they know what is best for all users. Only notable problem I had with a mixed linux/Windows environment, was the linux sendmail being misconfigured upon upgrade to stop enforcing my access list.
It was caught before much damage happened, but apparmor wouldn't have helped because it was right after an upgrade and no baseline for the new apps had been set, so any new rules that were needed would likely have been missed in setup-related approvals.
No, no, AppArmor wouldn't have helped because the kind of behavior it prevents isn't one that resembles sendmail's primary function so much (ie: sending mail). AppArmor wouldn't have even noticed anything weird. BUT, if the bug had been more serious, and it had allowed remote code execution, AppArmor WOULD have prevented someone from installing a rootkit in your computer and gaining root.
That type of security policy might be more useful in protecting computers FROM the USERS... Turning it on by default, certainly indicates an unwillingness to even give users a choice of what security mechanisms they want on their computer.
FUD
--- So making things clear and apparent to users is FUD, while doing things without their consent is fine? You got FUD backwards.
I'm all for making things clear. Not for disabling AppArmor by default. If anything, quite the opposite. I suggest it should be kept on by default, and with profiles for as many applications as possible. And if a prompt is added to the install procedure, it has to state clearly that if in doubt, leave it on.

[0] http://www.itworld.com/security/77499/first-linux-botnet