What I HATE about F11

Lennart Poettering mzerqung at 0pointer.de
Mon Jun 15 12:51:26 UTC 2009


On Mon, 15.06.09 12:41, Thomas Woerner (twoerner at redhat.com) wrote:

>>> So, what should happen here? Should we leave the firewall enabled in  
>>> these cases* by default and require admins to open them? If so, is 
>>> there any way that we can make this easier in some 
>>> Packagekit-oriented manner? If not, how should we define that 
>>> packages indicate that they need ports opened? Should this be handled 
>>> at install time or run time?
>>
>> Gah. Allowing packages to pierce the firewall just makes the firewall
>> redundant.
>>
>> I still think that the current firewall situation on Fedora is pretty
>> much broken. It's a bit like SELinux: it's one of the first features
>> most people disable.
>>
> SELinux and the firewall configuration are trying to make the system  
> secure before something happens. If your system is compromised, then it  
> is far too late to react. If you do not care about security, then  
> disable it and have fun with the results.

You know, there is one big difference between SELinux and the default
Firewall. The former doesn't inhibit the use of an application (at
least if the policy is written correctly) because it whitelists every
operation an application should be able to use but nothing else. OTOH
the default firewall actively breaks a lot of applications we ship by
default. Most of the time it even does that silently, without
reporting EPERM or suchlike back to the application.

Really, if SELinux is set up properly nobody should notice it. However
the default firewall breaks a lot of services, and is hence very much
noticeable.

> I wonder why other systems are getting more restrictive and secure over  
> time and for Linux people request the opposite direction.

Oh my. I wonder why other systems work by default and Fedora doesn't.

>> Fedora is the only big distro that enables a firewall by default and
>> thus creates a lot of trouble for many users. I think I mentioned that
>> before, and I can only repeat it here: we should not ship a firewall
>> enabled by default, like we currently do. If an application cannot be
>> trusted then it should not be allowed to listen on a port by default
>> in the first place. A firewall is an extra layer of security that
>> simply hides the actual problem.
>>
> How do you want to get to "it should not be allowed to listen on a port  
> by default"? Maybe with SELinux?

Yes, SELinux is fine for that. Or simply by not shipping the app at
all if it's shit.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
