On Mon, 2016-05-30 at 12:05 +0200, Lennart Poettering wrote:

> The changed default here is really about defining the lifecycle of
> unprivileged code by privileged code, and thus about security.

Security against what? Who is the attacker? What is the threat model?

Bandying about the word "security" to justify a change that clearly angers a lot of people does not make for a strong argument.

It is also not the case that Fedora puts security above usability or expected behavior in all cases. The default SELinux policy does not deny execmem/execstack/etc., even though there is a clear security story for doing so, because it would break various things (web browsers, some programming language runtimes, etc.) in ways that aggravate users.

> An unprivileged user should not be able to run code at any time it wishes
> unless the admin allowed this,

Are we planning to disable cron? Is reconnecting to screen or tmux sessions suddenly out? VNC? There are literally hundreds of use-cases this kind of policy would break.

--
Ben
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx