[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#727708: systemd (security) bugs (was: init system question)

Josselin Mouette writes ("Bug#727708: systemd (security) bugs (was: init system question)"):
> Personally, I find the flow of bugs (including security bugs) for
> moderately recent software the sign of a healthy project. A simple look
> at a few packages in the BTS will show that packages with lots of
> reported bugs are packages with lots of users and features, regardless
> of the quality of their code: Linux, X, Iceweasel, GNOME, KDE all come
> to mind as being full of bugs, including security bugs.

All of those components are to a greater or lesser extent optional.
What we are being asked is to make use of systemd mandatory.

> Indeed, systemd has not been written with security in mind.

What an alarming comment on a program which has ultimate privilege, is
intended to be universally deployed even in the most demanding
security environment, crosses security boundaries (without, IMO, a
sufficient justification), and is being touted as the single
systemwide manager for security features like cgroups !

> Neither have sysvinit nor upstart, AFAICT.

I will leave the upstart maintainers to comment on this in more
detail, but sysvinit has had remarkably few security bugs for a
program of its vintage.  This is because it has very few, and very
restricted, interfaces to untrusted parts of the system.

>  Just like we don’t hold the Mozilla developers responsible
> for security issues in brand-new Javascript engines that maybe 10
> developers in the world could understand.

The security record of web browsers is indeed atrocious.  It is the
result of a persistent swamp of bad design decisions, hideous
overcomplexity, plain bad code, and lack of attention to mitigation
measures.  Google's efforts in this area are to be applauded, even
though I have serious privacy problems with Google.

It is very alarming that web browsers are being presented as the
security benchmark for our new init system.


Reply to: