
Re: Browser mode for nautilus



On Mon, 2008-10-27 at 15:29 -0600, Stephen John Smoogen wrote:
> >> I don't know what kind of desktops you're referring to but desktops are
> >> the soft-squishy inside that gets large corporate networks in deep
> >> trouble when there is a border fw breach. This is why it is important
> >> to have a multi-layered security policy/infrastructure.
> >> 1. border fw
> >> 2. host-based fw  - including desktops
> >> 3. deny-all policies at the system level
> >> 4. well-audited apps that are runnable
> >> 5. restrictive policies on what can be run at all.
> >>
> >> If you want to argue that enhancing the firewall technology that we are
> >> currently using to allow a more nuanced user-interaction other than 'on'
> >> or 'off' that's fine by me - but relying on selinux to solve all
> >> network-border issues seems like the wrong tool for the job.
> >
> > You're missing the point. It makes no sense to split items 2-5. If a
> > user wants to run an application then he will sit down and reconfigure
> > all the firewalls he has control over until things work for him. (If he is not
> > capable of that then he will file a bug and cry). And hence, having
> > those four levels of defense is just pointless. A user will circumvent
> > that anyway if he wants to run his app. The firewall hence simply
> > works as an annoying extra step. It's like a message box asking you:
> >
> >      "Hey, you just started application 'foo'. Are you really sure you
> >      want to do that? I mean *really*?"
> >
> > And if the user says "yes", then it will show another box:
> >
> >      "I don't believe you, but I will allow you to do it if you solve
> >      the following difficult math problem!"
> >
> > Having desktop firewalls is security theatre. Having 20 levels of
> > false and inappropriate security is worse than having a single level
> > of security that is appropriate for the task.
> 
> My guess is that having priv-sep, passwords, etc. are all security
> theatre for the desktop user in this case. I mean if application X
> can't work without me being root then why not be root? If having a
> password slows me down from getting stuff done, why not remove it? For
> this level.. why are we doing anything beyond Windows 98 which seems
> to be the perfect desktop platform.
> 

Stephen,
Here's the problem. Your and my experience of users is most likely
very different from David's or Lennart's. Our experience is of users who
need to do a finite set of tasks for work and/or education. Everything
else is either disallowed by policy and/or not supported/ignored.

My experience of users is that if you give them a box and a set of rules,
the overwhelming majority of them will live in that box quite fine.
A handful of the folks who think of themselves as "power users" will
bitch and moan and find a way to circumvent the rules. They'll complain
to your boss to get you to change the rules just for them, they'll
disable whatever they can. That feels a lot more like the user that
Lennart and David are describing and it is NOT the users that you and I
(and most of the sysadmins all over the world) actually experience. Or
when we do experience them it is our penance of telling them no and then
telling them no, again.

The mistake I've made is thinking that
desktop==sysadmin-maintained-desktop.

What it seems like Lennart and David are describing is home and/or
personal laptop/desktop. It's not for users like the ones you and I think of.
It's for people who have chosen to use Linux, at home or on a machine
they are exclusively in control of. A fairly narrow market from what I
can see.

-sv




