Bug#727708: systemd (security) bugs (was: init system question)
Hi,
On Sun, 01 Dec 2013, Steve Langasek wrote:
> > More review and more usage will lead to more bugs being found, we should
> > rather applaud Red Hat for investing resources and be diligent. After all
> > Red Hat is the only distro staffing a proactive product security team
> > (from which everyone is profiting outside of RH as well). I don't consider
> > the lack of reported security issues for the contenders as a credible
> > indication of them being more secure.
>
> Red Hat shipped upstart as their init system in RHEL 6.
The more interesting information in all this is why RHEL is switching over
from upstart to systemd?
I mean we have an incentive to switch to something else because we can't
reliably fix stuff with sysvinit. But if upstart was satisfactory at that
level, what are the reasons why RHEL is switching again?
Maybe the security features discussed here are part of the answer, I don't
know.
> > FWIW, the main reason I'm personally in favour of adopting systemd is
> > precisely security (in terms of sandboxing and restricting services). See
> > http://0pointer.de/blog/projects/security.html for some pointers.
>
> I think such built-in sandboxing features are interesting, but not decisive.
> They represent an incremental improvement over the status quo for
> sandboxing, and aren't anything that couldn't be delivered as a feature in
> upstart, for example, if there were demand for it.
I believe that those who need those features just decide to use systemd
and won't "demand" those features to the upstart upstreams. In particular
when those features are of particular interest to people who are building
heavily customized systems (think embedded devices) and are not wary of
diverging from the defaults.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
Reply to: