On Friday, August 30, 2019 12:35:34 PM MST mcatanzaro(a)gnome.org wrote:
On Wed, Aug 28, 2019 at 7:46 PM, Christopher
<ctubbsii(a)fedoraproject.org> wrote:
> Yeah, I also don't want a complicated installer. I just don't see this
> disagreement going anywhere without some sort of compromise, and I
> can't think of any others that will satisfy people. I think there's a
> good chance this could be implemented without much complexity, though.
> Thank you for giving the idea at least a little consideration, though,
> and not outright dismissing it.
The potential compromise I see might involve exposing firewall zones in
some well-considered and thoughtful way, including a rethink of what is
blocked and allowed by the zones, and an understanding of what the goal
of having each zone is. That would have to be done in both gnome-shell
and gnome-control-center, and it'd need to receive buy-in from relevant
designers and developers.
Such an effort would need to be undertaken by developers who understand
and accept a requirement to not break installed applications or
services, to not expect users to be capable of editing firewall rules,
and to not require the installation of a firewall GUI application that
exposes technical details like ports. It would also need to firmly
reject the assumption that users know (or even that users *should*
know) the difference between a TCP port and a USB port. Otherwise, the
gulf between the two sides here is just too great, and there's no hope
for a useful discussion or compromise. But if these requirements are
OK, maybe we can agree on something.
The work would need to be undertaken by people actually interested in
the problem. Expecting existing Workstation developers to work on this
is not likely to turn out well, since we're busy, and I think most of
us are already OK with the status quo.
It'd also be helpful to get beyond this security myth that having a
firewall is somehow essential to have a secure workstation. I'm firmly
convinced this is not the case, and I'm unpersuaded by most of the
comments in this thread that assume otherwise. The best argument I've
seen so far in favor of a firewall was accidentally sharing your
Rhythmbox media library on a public network, so focusing on that or
similar issues would be helpful. Unplugging from trusted "wired
connection 1" (e.g. a home router) and plugging into a different
untrusted "wired connection 1" (e.g. a modem) is another good example
from this thread of where mistakes can currently occur. We probably
shouldn't allow users to share media on a network where the user has a
public IP, for instance. But just repeatedly claiming that a firewall is
essential for security isn't going to impress me.
Iñaki seems to be batting in this direction with the issues he's
filed. His approach seems constructive to me. I fear it might be easy
to have missed his comment in this noisy thread.
Michael
Several things.
One, running with a firewall that blocks incoming connections from external
hosts doesn't break any known software in Fedora. If it does, please let me
know, as that's highly unusual, and certainly cause for concern.
I don't believe we need to wait for the DE to catch up in terms of security in
order to set a default firewall zone of something more safe. If the end user
is planning on running a network service, especially something which is not
part of GNOME, I can't see any reason that it should be in the default
firewall zone, nor can I see any reason that it needs to be opened for the
user, the system simply making assumptions about what they intend to do. When
an end user chooses to run a network service, they should definitely be making
a conscious decision to open that port to their given network, unless they've
changed the firewall zone.
Port numbers are not "technical data". Seriously, they're not. I have no idea
where you're getting that from, because port numbers are important to know if
you intend to connect to anything. The only ones they, for the most part,
wouldn't need to know in order to connect are: http, https, ssh.
Holy cow, they definitely should know that there is a MAJOR difference between
a TCP port and a USB port. One of these is a number used to identify the
service you want to connect to on a remote host. The other is a physical port
for local devices. When remote devices are involved, things are very
different.
Having a firewall is absolutely essential, ESPECIALLY if you expect that your
users don't know what a firewall is, or even what a port number is.
Additionally, you have no real way of knowing what a "public IP" is. You can
have a 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 IP address and still be on
a public network.
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/