[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

Verily I say unto thee, that nodata spake thusly:

> Secure by default please, otherwise turn off selinux by default.

Very good point.

It's rather contradictory, indeed hypocritical, for Fedora to have spent
all this time and effort integrating security as relatively extreme as
SELinux into the distro, only to then undermine it by allowing a subset
of unauthorised root privileges.

So on the one hand the rationale is: The target audience is single-user
desktops, so authorising package installs is moot. But on the other hand
those same users had to endure several releases where SELinux prevented
many packages from working correctly, while maintainers, developers, and
bug reporters spent a lot of time and effort tweaking security policies
to fix these issues, for the sake of what was extolled as important and
necessary improvements to Linux security.

So which is it?

Is security important for the target audience (whomever Fedora presumes
them to be), or not?

Personally, I use Fedora on desktops, laptops /and/ servers, and yes I
have other users on my network, to whom I do /not/ wish to allow root
access ... ever. And I take great exception to Fedora arrogantly
presuming what type of systems I use Fedora on, and what my security
needs are.

Something far more worrying, is that Fedora is the testbed for RHEL. Are
we to assume that enterprise customers will be spared the insecurities
currently being foisted on Fedora users, or should we start working on
the security advisories now?

Keith G. Robertson-Turner

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]