sshd dependancy to systemd and attack surface

To: debian-ssh@lists.debian.org
Subject: sshd dependancy to systemd and attack surface
From: Marc SCHAEFER <schaefer@alphanet.ch>
Date: Sat, 30 Mar 2024 12:46:51 +0100
Message-id: <[🔎] Zgf7q7VO7AYetpFS@alphanet.ch>

Hello,

sshd has a dependancy to systemd, and thus includes a lot of libraries,
which augments its attack surface.

The recent xz-utils issue [1] has lead to this post by someone suggesting
(with a patch, apparently) to confine the sshd -> systemd dependancy
in a subprocess [2].

Maybe you want to look into it?

Thank you.

[1] https://www.openwall.com/lists/oss-security/2024/03/29/4
[2] https://www.openwall.com/lists/oss-security/2024/03/29/23

Reply to:

Follow-Ups:
- Re: sshd dependancy to systemd and attack surface
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: Bug#1068017: util-linux: please ship liblastlog2 packages
Next by Date: Re: Bug#1068017: util-linux: please ship liblastlog2 packages
Previous by thread: Re: Bug#1068017: util-linux: please ship liblastlog2 packages
Next by thread: Re: sshd dependancy to systemd and attack surface
Index(es):
- Date
- Thread