All of these attempts to change the policy, and individual one-line patches, show there is a fairly high perceived need to do “something”; our default setup just isn’t so good that we can confidently leave it unchanged.
And, we actually _could_ improve both the security and usability of the system, with some work.
We could detect whether a system being installed is a VM. (And someone smarter than me could maybe figure out a way to test whether a VM is behind local NAT, i.e. a personal or testing machine, or bridged to a larger network.)
We could disable ssh on interactive installations (if you are installing interactively you will also run firstboot interactively and can log in interactively and enable ssh interactively) and enable it on kickstart installations (while still having interactive installations record a kickstart that disables ssh).
We could figure out a reasonable rate limiting policy for ssh, and depend on it to allow weaker passwords.
Ultimately, we could fix the LUKS/system login dual password situation.
And I’m sure there are many other possible improvements.
All of this just takes a willingness to look at a dozen components at a time instead of at a single one, and a willingness to write patches that sum up to thousand lines instead of a single five-line patch. Now only if there were anyone able and willing to take this on; I will ask around but so far I don’t know of anyone with too much free time on their hands.
Mirek
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
