On Fri, Jan 24, 2014 at 12:55 AM, Kevin Kofler <kevin.kofler(a)chello.at> wrote:
> So, what happened:
> * We are enabling SELinux (enforcing) by default, a tool designed to prevent anything it does not like from happening. (Reread this carefully: The ONLY thing that tool is designed to do at all is PREVENT things. It does not have a SINGLE feature other than being a roadblock and an annoyance.)
The "feature" is called security. By your logic everyone should be root, and we should disable other security features like ASLR and NX (both PREVENT me from running malicious code but do not add a SINGLE feature). So please read up on how security is implemented and why.
> * SELinux works by shipping a "policy" that effectively tries to specify in one single place (read: single point of failure!) everything any program in Fedora (scalability disaster!) ever wants to do (second-guessing its actual code, i.e., duplication of all logic!).
That's not how it works, nor how it is supposed to work. Please read up on MAC.
> (Note the 3 (!) major antipatterns in a single-sentence (!) description of how SELinux works!)
Not a description of how it works, but your misunderstanding of it.
> * An update to that SELinux policy was shipped that BREAKS the most critical tools in Fedora, the ones required to update the system and thus install the fixes for any regressions, including the very regression that caused the breakage. And also any automated workarounds are blocked by design.
No idea what "automated workaround" means, but there are other ways to deal with it; see Colin's post.
> * That update made it out to the stable updates! In other words, the draconian Update Policies that were enacted in a vain attempt to prevent such issues from happening utterly failed at catching this bug.
Yeah, so we should find out why this happened and improve the testing procedures so it does not happen in the future (again, see Colin's mail).
> So, what needs to happen:
> * SELinux must be disabled (or preferably, not installed in the first place, to avoid wasting space for nothing) by default! Just consider the benefits (none!)
As stated above, that's not true.
> * The Update Policies must be repealed. This regression has shown us that not only did they totally fail at preventing it, but they are actively contributing to exposing MORE users to broken updates by delaying regression fixes. (This kind of regression fix needs to go out DIRECTLY to stable!)
This is a contradiction: "our current testing didn't find the bug, so how about we do no testing at all".