Mailinglist Archive: opensuse (1483 mails)

< Previous Next >
Re: [opensuse] Should openSUSE review it's Security Policies?
On Wed, Feb 29, 2012 at 02:40:13PM -0500, Larry Stotler wrote:
As many are aware, Linus Torvalds has started a rant about the
security policies in openSUSE for things that require the root
password. From his Google+
post(https://plus.google.com/102150693225130002912/posts/1vyfmNCYpi5),
he names these:

Time Zone changes
Adding a Printer
Adding a wireless network.

Now, I don't usually see the wireless issue because KNetworkmanager in
KDE3(which I use) has never asked the root password for adding a new
network.

While at 37, I've never changed timezones(I lead a boring life) I
would have to agree that having to use the root password for this
would be annoying if I needed to change it because of a flight or
something.

I've worked with Linus on a hardware issue years ago, and I think we
should probably at least consider reviewing the policies if they do
need changed.

Hi,

Let me address in the points

- timezone changes he complains about

GNOME 3 uses just 1 root service for both timezone and actual UNIX time
changes.
If it were split, we could allow timezone for users and only allow unix time
for root.

(There are split DBUS services already, just GNOME 3 uses yet another new
one.)

=> It is a GNOME issue really.


- adding a printer

As it is already:
* Adding a known USB printer : No popup, no query ... the printer will just
start to work.

* Adding a Network printer: depending on the computers "networked
printer browsing" setup, will just work without interaction.

* Adding a new not yet known printer: Difficult.

If you even need a PPD file to set it up, or an external driver, allowing
this is the equivalent of giving out root access.


=> Setting up printers is a hard task, and root privilege escalation is
usually easy when
you are allowed to do it.


(I would also like to see it done on Windows 7 without Admin Password.)

- NetworkManager

12.1 shipped with 0.9 NetworkManager which was very fresh off the press.

Before 0.9 all WLAN connections were "user" based connections and did not
change
the system.


0.9 features now "system" and "user" based connections.

The default is "system" connections, it was not even possible to select the
"user" option.
A "system" connection is too deep and should only be configurable by root in
our eyes.

Sadly, the UI frontends did not offer the selection to select "user"
profiles, so it
was necessary.

Ludwig did quite some work on making the default more sane and it works now
at Linus
acceptance level I think.

=> NetworkManager and NM UI tools design issues make a secure and usable
default hard.


For all of those exists bugzilla entries.

All of those need less help on the security side, but way more help on
the implementation and design side in the User Interfaces, especially
NetworkManager.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
References