Bug#727708: systemd (security) bugs (was: init system question)
Josselin Mouette writes ("Bug#727708: systemd (security) bugs (was: init system question)"):
> Personally, I find the flow of bugs (including security bugs) for
> moderately recent software the sign of a healthy project. A simple look
> at a few packages in the BTS will show that packages with lots of
> reported bugs are packages with lots of users and features, regardless
> of the quality of their code: Linux, X, Iceweasel, GNOME, KDE all come
> to mind as being full of bugs, including security bugs.
All of those components are to a greater or lesser extent optional.
What we are being asked is to make use of systemd mandatory.
> Indeed, systemd has not been written with security in mind.
What an alarming comment on a program which has ultimate privilege, is
intended to be universally deployed even in the most demanding
security environment, crosses security boundaries (without, IMO, a
sufficient justification), and is being touted as the single
systemwide manager for security features like cgroups !
> Neither have sysvinit nor upstart, AFAICT.
I will leave the upstart maintainers to comment on this in more
detail, but sysvinit has had remarkably few security bugs for a
program of its vintage. This is because it has very few, and very
restricted, interfaces to untrusted parts of the system.
> Just like we don’t hold the Mozilla developers responsible
> developers in the world could understand.
The security record of web browsers is indeed atrocious. It is the
result of a persistent swamp of bad design decisions, hideous
overcomplexity, plain bad code, and lack of attention to mitigation
measures. Google's efforts in this area are to be applauded, even
though I have serious privacy problems with Google.
It is very alarming that web browsers are being presented as the
security benchmark for our new init system.