What I HATE about F11
James Morris
jmorris at namei.org
Sun Jun 14 23:15:12 UTC 2009
On Sun, 14 Jun 2009, Lennart Poettering wrote:

> much broken. It's a bit like SELinux: it's one of the first features
> most people disable.

False.

Most people leave SELinux enabled, according to the smolt stats which have
been collecting since the F8 era.

> Fedora is the only big distro that enables a firewall by default and
> thus creates a lot of trouble for many users. I think I mentioned that
> before, and I can only repeat it here: we should not ship a firewall
> enabled by default, like we currently do. If an application cannot be
> trusted then it should not be allowed to listen on a port by default
> in the first place. A firewall is an extra layer of security that
> simply hides the actual problem.

The problem is that you never really know how trustworthy an application
is. All software has bugs, and some of those will be exploitable. A
significant purpose of firewalling and tighter security policy (e.g.
SELinux MAC) is to help reduce the impact of bugs (and misconfiguration)
when they occur.

- James
--
James Morris
<jmorris at namei.org>