On Tue, 2012-05-22 at 22:34 +0800, Marguerite Su wrote:
On Tue, May 22, 2012 at 10:00 PM, Bryen M Yunashko wrote:
On Tue, 2012-05-22 at 21:40 +0800, Marguerite Su wrote:
Hi, Andreas,
personally I think we'd better separate the standard Linux server environment from the single-user home desktop environment. they're totally different... and desktop users have been growing in recent years in our forums (openSUSE is almost the only usable distro for home use)
I think this is easier said than done. While we have evidence that there are a lot of single-user desktop machines, it is less clear how many of them still use server functionality in the background. And a number of people *do* do this for testing purposes, or a makeshift home server, etc.
So the challenge, if we wanted to address different usages, would be to create security levels for 1) Servers, 2) Mixed Server/Desktop and 3) Desktop for Single users (I guess a 4th one for multi-user desktop.)
yes...easier said than done.
actually we forum moderators discussed such a topic before in the openSUSE forums' hidden moderator area...and no results. (we were digging Linus at that time)
evidence shows a lot of users use openSUSE as a home server.
but even a home server is different from a standard server environment. someone just uses its old but big hard disks to store Blu-ray movies, but others use it as a mail server...too hard to tell.
but one thing in common, if he defines his openSUSE as a "server", even a little bit, then the standard server environment should be what he needs...because he must know only a sys-admin can operate a server with full permission...and he must be ready to acquire such knowledge to "tweak". if not, it means he is exposed to attacks under his own will.
But we're still thinking in terms of "at installation time." I can see easily someone setting up a desktop and then a month or two later say Hmm, let's add some server functionality. A simple website I can tell my friends to connect to. So security levels need to be easily modified during use, and not just during installation.
eg: I would like YaST2 to never ask me for the root password to install software, since it's my laptop and no one else can use it...but it'll surely be banned in a security expert's eyes, and I don't know how to adjust it for myself
I agree that some basic functionalities shouldn't require passwords. Obvious are adding wifi networks or printer connections. However, I still greatly appreciate requiring a password even on my own machine for software installations. If anything, it becomes a gentle reminder to me that I must exercise my abilities with caution.
Also, unpassworded-software installation, in my opinion, exposes us to greater risks. Some malware out there can do a background installation without your awareness, and without password protection, we've made it much easier for those miscreants. The moment we remove this level of protection, we increase the invitation for malware creators to target openSUSE installations.
yes. it's just an extreme example...
actually the most famous openSUSE 12.1 tweak is "do not ask root password but use it when connecting to new wifi"...not root password to install software.
and Linux malware is so few...taking such risks to have a "less-annoying" OS might be what normal users want...but I don't know.
Part of the reason it is so few is because of inherent security. Take away some security and you invite malware makers to make more now that they know where the risks are.
and one thing to mention is that we have automatic updates...most of the backdoors are fixed in such updates...
Updates are for software you already have installed. In theory, this is approved and we're comfortable with them. So automatic updates to existing software from known repositories are fine. But new software that may not even come from a known repository is the risk. Someone clicks on some foo.rpm on a website and boom... problem. Furthermore, that installation might not get fixed by any openSUSE updates.
(no flame war like Linus did, of course I defend and vote for openSUSE, but one comment in it is good for me: it's easier for security persons to enable it than grandma to disable it)
This poses another question. Did grandma install openSUSE herself or did someone else do it for her? Both scenarios have different security implications. (Think in terms of "a little knowledge can be a dangerous thing.") :-)
oh I've heard an example before. the example of Mr oldcpu.
he lives in Germany, his mama lives in Canada, he went back home 4 years a time.
so his mama is using openSUSE 11.3 which receives no updates for now.
so it means no matter how secure a system is for now...it'll not be as secure later.
and no matter how many tweaks a helping hand did, one day you have to do it yourself or expose yourself to outside attack.
that's why I have the idea to have different level "tweak" package(s) to make that work easy.
Sure. I think providing levels is a good idea. But as I said earlier, ultimately it depends on the complexity of development as well as we cannot implement levels without some very good detailed documentation. This is CARDINAL in my opinion or we'll have a huge mess down the road.
Bryen
Bryen M Yunashko
so mixing them up may generate no balanced results and may trigger another flame war in our forums...
I hope we may/can have a package called polkit-default-home-use or something to fulfill that kind of need....of course too hurried for 12.2, maybe later
Greetings
Marguerite
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
marguerite