On Thu, Oct 31, 2013 at 2:53 PM, Máirín Duffy duffy@redhat.com wrote:
On 10/31/2013 09:39 AM, Simo Sorce wrote:
I think a good server experience will require that yum install firefox on a headless system installs all required packages to make it work, is this something we need to take care of going forward ?
So stepping back, the use-case being proposed here is:
'Users of Fedora server will be able to install - at their option - software with graphical interfaces, and they will be able to successfully use these graphical interfaces via trusted X-forwarding (ssh -Y).'
I would stop at the comma; to me (ssh -Y) is an implementation detail, we might be equally satisfied with a RDP server instead. (Especially if, as you suggest, Microsofty admin types are one of the targets. With Wayland we'll be using a bitmap-pushing protocol anyway, won't we? Or is it really critical to tie this functionality to ssh, perhaps to reuse ssh keys for authentication?)
(Speculatively we might instead consider deciding the really useful functionality is available as web applications, not X11 applications, and that we don't really need a X11-based GUI on the server; but that's dependent on actually having done the research on what useful applications exist and are popular, which I haven't done.)
(It seems to me that Firefox is one of the applications that one would _least_ need to run remotely - just run Firefox locally. OTOH Firefox is one of the easier cases nowadays, with the desktop stacks increasingly not taking non-local or non-primary sessions (like (su -) and ssh) into account, as Remi points out.)
The only concern that the more technical folks like you could address here - there are security implications on installing the whole set of stacks/libraries necessary to get a GUI app running on a server, right?
The security implications are non-zero, but decreasing over time.
It used to be useful to minimize the amount of software available on the target system to be reused by the attacker (e.g. not have interpreted languages compilers installed) because the networks were very slow, storage was lacking, and binary compatibility was rare; so pre-installed software was often reused by attackers both to minimize the download time and to make the malware more portable (either making it a shell or perl script, or shipping C source code to be compiled locally).
Nowadays the hardware+OS=ABI diversity is much smaller, the size of malware is frequently measured in megabytes, and they use even more local disk space (which nobody ever notices because a single photo is larger). Malware can therefore easily include whatever is necessary in its installation package instead of relying on the (potentially incompatible) software already installed on the system, so the benefits of not having software installed tend towards zero.
The one case where there still are security implications, and where minimizing the installed software makes sense, are privilege escalation paths: setuid programs, D-Bus servers, daemons.
So, overall, I think it would be well justified to just include xorg-x11-xauth and a basic set of fonts in the default server installation. (Or in "the server installation profile aimed at Windowsy users", providing a "really minimal and headless" profile? I'm inclined to say that storage is cheap and the really minimal profile just isn't needed, and within the context of the Server WG I might be justified in ignoring Matt, who always patiently points out that 200 MB * 10k guests on a SAN starts to get costly :) ) Mirek