[NTLUG:Discuss] Last meeting, you CAN have hotplugged devices automount without desktop
Chris Cox
cjcox at acm.org
Wed Jan 30 17:25:26 CST 2008
Ted Gould wrote:
...
>
> Actually, no. As long as there is a "User 0" that has full access to
> the system and an administrator needs that access to do his or her job
> this can't be achieved. It's not really a permissions issue. No
> offense but, if it was really that simple I'm sure the folks at the NSA
> would have just chosen that way of protecting data.
:) You've hit the backup of a backup of a backup of a backup issue...
just one of its many forms. What I mean is that logic is
similar to the boss who wants you to back up the systems, then
you say "What happens if the tapes go bad?" He says, well,
we'll need an alternative backup to back up the tapes. And...
etc.. etc.. etc.. etc..
All the NSA is doing is defining what their threshold of
pain is and trying to make a show stopper out of it.
At the end of the day they might be making things .0000009%
better. Is it worth it? How many levels of backup does
one need before declaring victory?
It's great "religious" debate material... but at the end
of the day, they have made extremely marginal gains on
"whatever" their original goal was.
I mean... you can either build a building with 10,000,000
doors... or you can hire a guard and have one door.
One might say, 10,000,000 doors is more secure.. but
it's expensive to add that 10,000,001st door.... and next
month it's adding the 10,000,002nd door, etc.... and on
and on.
In all fairness to those in the security business... that
NSA style of reasoning pays a LOT of bills!!
...
>
> The problem is that none of the security mechanisms allow specific
> feature level permissions. Let's say for instance you would like to
> allow users to install any package in your repository of approved
> packages but not allow them to install any program off of the Internet.
> That's essentially unavailable. While that example might not seem
> useful, similar issues arise with network configuration with wireless
> keys, etc.
An interesting example. SELinux doesn't solve this of course... but
interesting nonetheless. It is trivial to write the front end rule
to make this a reality though without the expense of a general
purpose mechanism (which might succeed, but the supporting glueware
would be just as much code writing as the specific frontend
itself).
>
> While other tools could be built to do this on their own, PolicyKit
> provides a way to do this on all DBUS entries thus separating the
> implementation of the feature from the security. Let the security
> people worry about policy.
>
> I hope that someday something like PolicyKit will replace sudo, gtksu
> and friends. Most people will hopefully never need to gain "root" on
> their machines. They can ask services with the appropriate level of
> permissions to do things for them in a standard way. This also means
> that those services can run in more restricted contexts.
Again, extending things like sudo (don't care about gtksu... wasn't
needed to begin with) is a better answer than reinventing ... we'll
see. Maybe PolicyKit will be awesome. But just given the work
I've seen out of freedesktop.org so far... I'm doubting it (not that
it doesn't "work"... well... it's hard to explain in email... must
use voice ... or maybe mind link to make the point clearly).
This isn't a technical battle. It's completely political.
Doesn't really matter what you or I believe or think...
a path has been chosen and we'll live with the implementation
as set before us. Just makes me want to go out and write
something better (nobody will use it... but hey, it's the
principle of the thing).