Upcoming Fedora Test Days ... DeviceKit and XFCE

Michal Jaegermann michal at harddata.com
Tue Mar 17 16:10:49 UTC 2009


On Mon, Mar 16, 2009 at 08:10:20PM -0400, Matthias Clasen wrote:
> On Mon, 2009-03-16 at 15:25 -0600, Michal Jaegermann wrote:
> 
> > 
> > The general issue is that while on one hand things are getting
> > tightened up with SELinux policies, from time to time beyond a point
> > of usability, at the same moment big holes are opened due to a
> > byzantine maze of dependencies between PolicyKit and DeviceKit and
> > Nautilus and generally desktop things. 
> 
> Care to explain where you see a maze of dependencies?

Let's make that very specific.  When I brought up
https://bugzilla.redhat.com/show_bug.cgi?id=489397,
which has clear security consequences, the first reaction from a
person who _should_ be pretty familiar with the subject was
(this is a literal quote): "Your beef is with Nautilus" and to close
the bug.  I was somewhat persistent and presumably a fix is now in
the works but do you think that this came from a deep understanding?

When on 2008-06-06 a security hole to drive a truck through was
reported as https://bugzilla.redhat.com/show_bug.cgi?id=450304
do you think this hole was created because it was not perceived
what the effects would be, or was this deliberate sabotage?  What is
more, that hole is still open, there are no traces of any activity on
this bug even if a basic fix is really trivial, so presumably one
should not expect that a thorough review was undertaken to make sure
that similar surprises are not lurking somewhere else.

If you think that you are controlling access but it turns out
that it is possible to bypass your barrier by an extra passage here
and a trapdoor over there, then it is hard to call that a
straightforward construction, and if you are running into surprises
in security then most likely you are not secure at all but you are
never sure one way or another.

> The mere fact
> that some things are new and not very well-known to you does not make
> them byzantine. 

If you memorize the whole nethack layout then moving around
there will also be quite simple.

   Michal




More information about the fedora-test-list mailing list