[175465] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Linux: concerns over systemd adoption and Debian's decision to

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Oct 22 15:30:44 2014

X-Original-To: nanog@nanog.org
To: John Schiel <jschiel@flowtools.net>
In-Reply-To: Your message of "Wed, 22 Oct 2014 13:13:29 -0600."
 <544801D9.9050004@flowtools.net>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 22 Oct 2014 15:30:29 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

--==_Exmh_1414006229_2392P
Content-Type: text/plain; charset=us-ascii

On Wed, 22 Oct 2014 13:13:29 -0600, John Schiel said:

> i was beginning to wonder how secure systemd is also.

One of the 3 CIA pillars of security is "availability".  And if
it's oh-dark-30, figuring out what symlink is supposed to be where
for a given failed systemd unit can be a tad challenging.  At least under
sysvinit, either /etc/rc5.d/S50foobar is there or it isn't(*).

And if they carry through on their systemd-console threat, that could get
even worse - that introduces a whole new pile of risks for being unable
to diagnose early boot bugs

So yeah, there's security issues other than "can it be hacked because
it's got a huge surface area".

(*) Unless you're really having a bad night and it's a hard link to /dev/sda1
or something. :)

--==_Exmh_1414006229_2392P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Exmh version 2.5 07/13/2001

iQIVAwUBVEgF1QdmEQWDXROgAQIf2xAAjFwyS2d5FcJ74Dq2cjz6HAUbhoEK3Bnl
UFdw/uAs2Q4AAvPZ2wip/tgdLw/Xk45vgs8ekzir053ybLiQas1LbQPiSoqK59nI
zjk4Js4PFDPnAiVCu4wUaOC1kXYj0XygWjrS7r62YD1owqPv9V8pip6ObCxsMhY3
27mKUZfVjFTEIof2hmAlx5ocXS/4jdvP0xl388Vzf3R6sZq2ZvZC+NysyEYUORiT
61AY4YE/7rym54zIg4Oq/GaBDBal1rBmIJvT24qtEgWk2/aKVC8PwcP10dNX0Qt0
1z7LvgyCjHD3L+4MEMabeKknF07m2yMr50BtV24ONZGNfwiwrb89OoqwufBxanPv
nssmBgvuKpHfFSf36VBPNWjF2bhDUgVGE+pztRZnNFkki8W8dPYUFy/8qKSXjOsn
vYpDna6HcOqAireikFaSG/9+us8YENP8px8mm9cbiPjuMMJgUc+zvK/upPy/oYB5
KPABZ//C6bGnJ45dBeqrQ5YUMsF9CVV2jwGKalESxnanhN7I6GufQY3rsotfzaAl
ELcKsDvSS1T89rCbFpOx1xeZQQwtRb9O1ycN9DT54P5HGcy7aQYJqmRi1Bf4jfje
H3cO8AHajsuwM8VAzejIA6ENP54i1J4vVSd72xog/eR8IvQQUPCcs85wI+WdvJQo
Je/6S4JWxzk=
=BkJO
-----END PGP SIGNATURE-----

--==_Exmh_1414006229_2392P--
home help back first fref pref prev next nref lref last post