
Re: Challenge to you: Voice your concerns regarding systemd upstream



Ric Moore wrote:
> Change is certainly needed when any pimple face kid can edit and hide his
> doings from a text log with nano. I think the change is necessary to harden
> up our systems. Otherwise, Microsoft will become the only secure server OS,
> as they don't mind hiding things at all.
> 
> Yes, it is a work in progress, but I think the main goal is signed binaries
> that discourage the Black Hats ... at least for a while. What is telling is
> that no one is talking about that. Linux does indeed run the majority of the
> web servers, so consider that if every major Linux Distro is working in
> concert for a change, there has to be compelling reasons behind it, and that
> we may not be privy to their reasonings for security's sake. The Net has
> been proven to be as secure as Swiss Cheese lately, and that makes Linux
> look very bad, if not half-assed.
> :/ Ric

Hi Ric,

In my opinion, giving PID 1 to a large, complicated and
unproven framework constitutes the greater security risk.

Compared to sysvinit, systemd presents a huge attack
surface that is difficult to audit and includes ample
opportunity for security holes, accidental or
otherwise.

Any new technology of that scale is bound to face security
issues. Many people, including desktop users, would prefer
not to carry the inevitable risks of being an early adopter.

Also, obfuscated logfiles hardly seem like a major security
innovation. Is this approach described or analyzed in security
literature? In any case, I think logging belongs to a different
domain than system initialization. 

Regards,

Joel



-- 
Joel Roth
  

