
Summarizing concerns with systemd to channel them to systemd upstream? (was: Re: Challenge to you: Voice your concerns regarding systemd upstream)



On Friday, 26 September 2014, 14:36:35, Joel Roth wrote:
> Ric Moore wrote:
> > Change is certainly needed when any pimple face kid can edit and hide his
> > doings from a text log with nano. I think the change is necessary to harden
> > up our systems. Otherwise, Microsoft will become the only secure server OS,
> > as they don't mind hiding things at all.
> > 
> > Yes, it is a work in progress, but I think the main goal is signed binaries
> > that discourage the Black Hats ...at least for awhile. What is telling is
> > that no one is talking about that. Linux does indeed run the majority of
> > the web servers, so consider that if every major Linux Distro is working
> > in concert for a change, there has to be compelling reasons behind it,
> > and that we may not be privy to their reasonings for security's sake. The
> > Net has been proven to be as secure as Swiss Cheese lately, and that
> > makes Linux look very bad, if not half-assed.
> > 
> > :/ Ric
> 
> Hi Ric,
> 
> In my opinion, giving PID 1 to a large, complicated and
> unproven framework constitutes the greater security risk.
> 
> Compared to sysvinit, systemd presents a huge attack
> surface that is difficult to audit and includes ample
> opportunity for security holes, accidental or
> otherwise.

Well if I compare binary sizes with /sbin/init and /lib/systemd/systemd which 
/bin/systemd symlinks to, and if I look at those systemd --user processes, I 
think you have a point here.

It may be a good idea to add it to the thread I started on systemd-devel 
mailing list. It may not create change immediately, but maybe it helps some 
developers to think about things.

I didn't take time to read through the various responses the systemd-devel 
thread I started created, but I may like to add some points and concerns...

Maybe it would be a good idea to summarize the concerns posters voiced on this 
list. I may do it myself or at least pick some of them I can resonate with and 
bring them upstream, by citing them there. It's a public list here so I feel 
free to take excerpts and post them there. I would look at including enough 
context and links to original posts though.

But on any account: Anyone of you can do it. It may also give it more weight. 
If just I take the effort to post there, well it is "just" me, posting there. 
One voice referencing to other voices. But… more voices referencing to other 
voices are more effective.

Ciao,
-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7

