F15 - status of /run/user, /dev/shm, and potential for a DoS attack

JB jb.1234abcd at gmail.com
Wed May 18 19:35:18 UTC 2011


Stephen John Smoogen <smooge <at> gmail.com> writes:

> 
> On Wed, May 18, 2011 at 03:41, JB <jb.1234abcd <at> gmail.com> wrote:
> 
> >
> > Is Fedora's policy to ship a product that has a known, proven, and
> > discussed DoS attack venue with this potential implication?
> 
> Is this a strawman question or some other rhetorical device?
> 
> But to answer the strawman then the answer would be yes and has been
> since before Fedora 1. There are a ton of ways to DOS a system out of
> the door and have been since the beginning of Linux

This is an accurate and interesting statement, and I am glad you made it.
Yes, the Linux policy has been to expand, gain market share - you can see that
in breathtaking kernel development, user space frameworks and applications, and
also those couple of hundred Linux distros.
As a result of that, security was not the primary concern, willingly or not.

Perhaps it is time to change that, exactly because the critical mass has been
reached in the computing market space.
Fedora has millions of users.

> and most Linux
> distributions do nothing about them because the solutions have
> side-effects that peeve off users and those who worry about it can fix
> it themselves. The /dev/shm has been a problem for over a decade... and
> has been brought up fairly regularly in that time.
> 

You have to start raising alarms when things as described here in this thread
are tolerated.

Linux, My Dear, the honeymoon is over !

You have been our princess and enjoyed it. But now the reality bites and we
have to bite the bullet.
Security is an issue; it has always been, as you say, and for that reason has
to be addressed as a product release policy.

The end users of F15 are at risk.
They should be fully advised what's the danger with this product.
After all, it is an open-source project.

The issue is serious, because it raises not only technical questions, but also
internal (Security, QA, etc. teams) and policy ones.

Sorry about crashing the party ... I was just feeling lonely and had to find
a soul or two ... and the lady at the door told me there was something going
on here, but she was not sure what :-)

JB

Buffalo Springfield - Stop Children What's That Sound
http://www.youtube.com/watch?v=bjSpO2B6G4s





More information about the test mailing list