On Mon, Aug 26, 2019 at 9:30 PM John Harris <johnmh@xxxxxxxxxxxxx> wrote: [SNIP] > I cannot imagine who approved this firewall configuration. This is broken. > This is a critical vulnerability, in my opinion. > I think "approved" is probably the wrong word: more like "pushed it through". FESCo explicitly rejected the proposal to disable the firewall, and Workstation WG circumvented that decision by doing the next closest thing (leaving it running, but effectively crippled, rather than disabling it). FWIW, I also would consider this a critical security vulnerability. Here's a rough timeline: * A Fedora 21 change proposal was made to disable the firewall in Workstation[1]. * That change proposal was rejected by FESCo[2]. * F21 shipped with it effectively disabled out-of-the-box anyway (running, mostly open, rather than disabled), and this was documented as a "developer-oriented" configuration in the release notes[3]. * This was discovered to the surprise of security-concerned users, starting a long mailing list thread[4], in which it was argued that this was for novice users (rather than developers, as the documentation stated)[5]. * A bugzilla was created and closed as NOTABUG[6]. * The thread resulted in a FESCo ticket[7] where it was agreed that "FESCo trusts the Workstation WG to properly research and develop a sensible firewall solution and will stay out of the way."[8] The current status is that the Workstation WG never came up with a solution in 5 years, and new people are finding this default configuration and getting upset about the failure of Fedora Workstation to meet basic security expectations. Since Workstation WG has not come up with any better solution over the course of 10 Fedora releases / 5 years, and the default insecure status persists, I think it's reasonable to conclude that FESCo's trust in the Workstation WG's ability to come up with a satisfactory solution was misplaced. I would strongly urge the current FESCo require Worksation to adopt the same secure default configuration as Server, until such a time as Workstation WG comes up with a solution for Workstation that can *honestly* clear the change proposal process. [1]: https://fedoraproject.org/wiki/Changes/Workstation_Disable_Firewall [2]: https://pagure.io/fesco/issue/1301 [3]: https://docs.fedoraproject.org/en-US/Fedora/21/html/Release_Notes/sect-Products.html#Products-Workstation [4]: https://lists.fedoraproject.org/pipermail/devel/2014-December/205010.html [5]: https://lists.fedoraproject.org/pipermail/devel/2014-December/205185.html [6]: https://bugzilla.redhat.com/show_bug.cgi?id=1172353 [7]: https://pagure.io/fesco/issue/1372 [8]: https://pagure.io/fesco/issue/1372#comment-27998 _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
