All of these attempts to change the policy, and individual one-line patches, 
show there is a fairly high perceived need to do “something”; our default setup 
just isn’t so good that we can confidently leave it unchanged.

And, we actually _could_ improve both the security and usability of the system, 
with some work.


We could detect whether a system being installed is a VM.  (And someone smarter 
than me could maybe figure out a way to test whether a VM is behind local NAT, 
i.e. a personal or testing machine, or bridged to a larger network.)

We could disable ssh on interactive installations (if you are installing 
interactively you will also run firstboot interactively and can log in 
interactively and enable ssh interactively) and enable it on kickstart 
installations (while still having interactive installations record a kickstart 
that disables ssh).

We could figure out a reasonable rate limiting policy for ssh, and depend on it 
to allow weaker passwords.

Ultimately, we could fix the LUKS/system login dual password situation.

And I’m sure there are many other possible improvements.


All of this just takes a willingness to look at a dozen components at a time 
instead of at a single one, and a willingness to write patches that sum up to a 
thousand lines instead of a single five-line patch.  Now if only there were 
anyone able and willing to take this on; I will ask around but so far I don’t 
know of anyone with too much free time on their hands.
    Mirek
--
security mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/security