Mailinglist Archive: opensuse-factory (602 mails)

< Previous Next >
[opensuse-factory] Re: [PLEASE SPEAK UP] Disabling legacy file systems by default?
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Tue, 12 Feb 2019 18:41:09 -0000 (UTC)
  • Message-id: <q3v405$5149$1@blaine.gmane.org>
On Tue, 12 Feb 2019 11:25:38 +0100, Carlos E. R. wrote:

On 11/02/2019 21.13, Jim Henderson wrote:
On Mon, 11 Feb 2019 21:11:07 +0100, Carlos E. R. wrote:

I mean, if we want to make sure there are no problems in their path,
let's remove usernames and passwords as well. Passwords are just an
obstacle to a good user experience, after all.

Well, there is the setting easy/secure/paranoid. It could be expanded.

And who are the users going to blame when their system is compromised?

They're not going to own it. They're going to blame our default
settings.

I'm not saying that.

I'm saying that we could expand these choices. If you (I mean, the user)
choose a setting in YaST like "I want easy setup even if not fully
secure at my own risk", and that setting includes not blacklisting
modules, and other things that may arise, that would be another solution
to our problem.

I'm not actually proposing it, I'm only thinking aloud, wondering.

Yes, I get that - but my answer still applies. If we provide an 'easy'
button that leaves the system insecure and they are compromised, even
with all the warnings in the world, they're going to say "I picked 'easy'
because I wanted it easy. I assumed that the system would still be
secure." and the project will get the blame.

An 'easy' setting shouldn't be an insecure setting - otherwise, it's
insecure by design, and that's poor design.

I'm not opposed to having an option that clearly spells out "you can
enable these legacy filesystems, but they may open your systems up to
security exploits that are unknown - USE AT YOUR OWN RISK". Doing it
without saying that we're doing it is a bad idea - just as bad as leaving
it to the people who want to be more secure to figure out how to
blacklist these filesystems.

Maybe they could all be put in a separate kernel package - kernel-default-
legacyfilesystems or something and don't install it by default unless one
of those filesystems is detected on the system. Then make a lot of noise
about "we're installing this package, but know that you may be open to
security exploits as a result of using unmaintained, legacy filesystems".

That's a reasonable solution as well - make them available where they're
needed, and don't make them available where they're not.

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
This Thread
Follow Ups