Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux

max bianco maximilianbianco at gmail.com
Tue Jul 22 23:37:32 UTC 2008


2008/7/22 David Nielsen <gnomeuser at gmail.com>:
>
> Any suggested solution that starts with "open a terminal" scares users,

I understand. However I don't think adding an allow/deny button is the
answer. I think the main problem is that most people don't understand
what SELinux does, or more accurately how it does things.


> additionally if they are required to be root in said terminal I would
> hesitate to guess that we lose everyone except a bare minimum of users when
> looking at the big picture - my mother surely should not be asked to do
> this, the mere thought of her with the root password in hand terrifies me
> add to that firing off random commands she has no idea what does - it's a
> wonder Hollywood has yet to make a blockbuster horror movie following this
> plot.

It would make for a good movie :^) My mother uses Fedora and hasn't had
any issues that were SELinux related. Email, music, web surfing are
all she does. I doubt Aunt Tilly is doing much more than that.


> In terms of what SELinux does currently, it's an improvement over the
> older releases but it's still far from being something I would let my mother
> tinker with - and the policy currently has plenty of holes in terms of what
> an average user might do, just the other day I discovered SELinux utter fail
> when plugging in my iPod (this was fixed within days of being filed and as I
> recall an update was pushed soon thereafter, so the response is generally
> good but that is still some 2 weeks where Aunt Tilly can't use her iPod).
> Should asking the user to drop to a terminal as root and issue commands
> really be our first line of defence.. I certainly hope not. We really need
> to be more proactive in gathering failures instead of relying on the user to
> patch up the policy with mysterious cli magic.

I agree a better job needs to be done, but until F9 it was optional, was it
not? Now you can turn it off but it is enabled by default; combined
with the kerneloops twist this should be sufficient for now. These
things need time to be effective, and implementing allow/deny buttons
in the meantime is a recipe for disaster. I have seen the results of
not having good host security, and it isn't pretty. A little pain now is
worth it; a little foresight is all I am asking. An allow/deny button
is expedient but it ultimately goes against good security practices.
It would be nigh impossible to challenge Microsoft today if they had
taken the pains to implement good security from day one. Windows is a
security disaster. An allow/deny button will make Fedora a security
disaster. The casual user is more likely to hit allow than deny, more
likely to blindly implement a bad solution precisely because it's
expedient. The end user puts their trust in the engineer to anticipate
their needs and keep them safe.

The developer community needs to make a commitment to SELinux if the
issues are going to get resolved. I don't mean waiting for Dan Walsh
to solve your problems either. Everyone here should understand that it
isn't magic. That's the view of an end user without a clue. It's
hard work to get it to just work. All I am seeing is suggestions of
making it easier: let's take the expedient route and worry about the
consequences later. This approach isn't going to benefit anyone in the
long run. If there are issues then where are all the threads talking
about these issues? If everyone is an expert policy writer then why
are there issues?

A big problem is that not many end users know what SELinux does. The
process isn't transparent enough. If you need to develop policy for
your package then why not do it on list? People can see what's going
on and, more importantly, people can learn. Mistakes are going to be made;
it is a simple fact of life. If end users can see the policy
development process, if they can see the developers working on these
issues, then I believe you can expect at least two things: 1) more
patience, because they can see it being worked on, and 2) faster development
of policy.

I imagine that at some point some Microsoft engineer made the argument
that security should take precedence but he/she got overruled. All in
the name of expediency, of making it easier for the end user. We'll
worry about security later. No you won't. Later it will be harder to
implement because it will break everything; security is part of good
design. It has to be thought of and built in from first step to last.
Hopefully the new SELinux documentation project will help educate
people and make life easier. I assume everyone here is aware of this
effort.

-Max




-- 
If opinions were really like assholes we'd each have just one