Mailinglist Archive: opensuse-factory (1029 mails)

Re: [opensuse-factory] Re: [opensuse] Re: What happened to dovecot?
  • From: Claudio Freire <klaussfreire@xxxxxxxxx>
  • Date: Fri, 29 Nov 2013 20:14:37 -0200
  • Message-id: <CAGTBQpaRRT5RdA85Y+qipoF7j8JhpRtjhs4mYFAy=7WURAvUmg@mail.gmail.com>
On Fri, Nov 29, 2013 at 6:34 PM, L.A. Walsh <suse@xxxxxxxxx> wrote:
On 11/29/2013 9:00 AM, Claudio Freire wrote:

On Fri, Nov 29, 2013 at 3:20 AM, L.A. Walsh <suse@xxxxxxxxx> wrote:

On 11/28/2013 1:13 PM, Claudio Freire wrote:

Standard or not, it's the kind of security mechanism that takes so
much effort and knowledge to properly set up, that it HAS to be set up
by the distribution, and by default, to be of any value.

----
Then why are firewalls 3rd party applications? They can be just
as hard to configure.


They're not. Linux firewalls live in the kernel, and default linux
installs (especially openSUSE) have included properly configured
firewalls for years.
Maybe you're thinking windows.

----
Sorry, firewall != packet routing. The kernel has packet routing.
It's not until it is configured to selectively reject or drop packets that
it becomes a firewall. Maybe you are forgetting, for example, shorewall?
There've been others before that.

Shorewall is an iptables frontend. I don't see how that makes iptables
not a firewall.

Well, firing up yast and turning it off isn't rocket science, but
sure, an option somewhere on the advanced install procedure couldn't
hurt.

----
How would they know it is on or where to go to turn it off if
they were new to OpenSuse?

Barring malfunction, if they don't know, they don't need to.

If there's a malfunction (or misconfiguration), filing a bug report is
what's needed.

In any case, turning it off isn't.

So are you saying, or do you believe that if you don't force the security
policy on users, it won't be of any value?


Pretty much.

---
Um again, difference between installing it on, or installing
pre-configured & off.

Pre-configured and off leaves the majority of the install base unprotected.

Ie: regular users, and that includes many developers, anyone not
specialized in linux security in fact, don't really know how to
configure something like AppArmor or SELinux, and if they know, they
don't want to have to spend the time to do it on every installation.

---
Well, firing up yast and turning it ON isn't rocket science...

Only if it comes pre-configured. Otherwise, it is, since it implies
building the profiles.

For the ones that do not know, having it on by default is a necessity,
since they won't even think of turning it on. And those are probably
over 90% of the target audience.

----
For the ones that do not know opensuse has a non-default
security, they won't even know what to turn off, let alone where.

Well, it's a tradeoff. Security of oblivious users wins IMNSHO.

And in this field (security), statistics matter. Securing 1% of the
target audience is worth nothing, well, unless that 1% happens to work
on a nuclear reactor or something critical like that. But having a
good chunk of the install base vulnerable just encourages botnet
proliferation, and that's a problem for us all.

----
Documentation? Botnets have not been a problem on Linux --
especially those configured with firewalls. Maybe you are thinking
Windows? ;-)

As always in security, you're quite naive[0] (I just googled that, I
make no claims about its content).

If that were the case, it'd only be because security in linux is taken
seriously and by default.
What you propose (making it off by default), is the exact opposite.

First thing many product vendors could get right is to not assume
they know what is best for all users. Only notable problem I had with
a mixed linux/Windows environment, was the linux sendmail being misconfigured
upon upgrade to stop enforcing my access list.

It was caught before much damage happened, but apparmor wouldn't have
helped because it was right after an upgrade and no baseline for the new apps
had been set, so any new rules that were needed would likely have been missed
in setup-related approvals.

No, no, AppArmor wouldn't have helped because the kind of behavior it
prevents isn't one that resembles sendmail's primary function so much
(ie: sending mail). AppArmor wouldn't have even noticed anything
weird.

BUT, if the bug had been more serious, and it had allowed remote code
execution, AppArmor WOULD have prevented someone from installing a
rootkit in your computer and gaining root.

That type of security policy might be more useful in protecting
computers FROM the USERS... Turning it on by default, certainly indicates
an unwillingness to even give users a choice of what security mechanisms
they want on their computer.


FUD

---
So making things clear and apparent to users is FUD, while doing
things without their consent is fine? You got FUD backwards.

I'm all for making things clear.

Not for disabling AppArmor by default. If anything, quite the
opposite. I suggest it should be kept on by default, and with profiles
for as many applications as possible.

And if a prompt is added to the install procedure, it has to state
clearly that if in doubt, leave it on.

[0] http://www.itworld.com/security/77499/first-linux-botnet