Mattia Verga via devel wrote:
> I do not see how this change goes against the definition of Free
> Software. It doesn't deny a user to install any software they want, it
> is about preventing unwanted/unsolicited/malevolent software from being
> installed without user (admin) approval.

But there is the inherent assumption there that the set of software released
by Fedora is identical to the set of software the user trusts. In practice,
those sets will, sure, be overlapping (non-disjoint), but still distinct
(non-identical). And I think they will differ sufficiently for it to be an
issue.
Not only is there the issue of having to whitelist third-party or custom
(second-party, i.e., installed by the local admin) software, but also not
everything ever released by Fedora is necessarily safe to install either.
E.g., an exploitable old version of a VNC server is most likely (and
hopefully!) undesired on a company workstation, even the current version
with no known vulnerabilities might not be wanted depending on the company
policy.
The iOS-style centralized trust model simply does not work.

> From a workstation/desktop user perspective, this change sounds not
> really interesting, at least until there will be some robust integration
> with UI installers. And I personally appreciate it will be introduced as
> opt-in.
> But from an IT perspective running a server, I think it sounds good (I'm
> not IT manager myself). And since Fedora is RHEL playground...

The question is how well this protects servers in practice. I guess it will
stop exploits that drop executable binaries or shell scripts and attempt to
run them (though, if even shell scripts need to be explicitly whitelisted,
this is going to be a royal pain in the neck for system administrators), but
it is not going to help against in-memory exploits of rightfully-installed
server applications. Though I suppose those should be covered by the existing
protections such as NX, stack smashing protection, etc. (and also SELinux,
if enabled with a policy for the server to be exploited actually present).
Kevin Kofler