Linux: concerns over systemd adoption and Debian's decision to switch

John Schiel jschiel at flowtools.net
Wed Oct 22 20:22:58 UTC 2014


On 10/22/2014 01:30 PM, Valdis.Kletnieks at vt.edu wrote:
> On Wed, 22 Oct 2014 13:13:29 -0600, John Schiel said:
>
>> I was beginning to wonder how secure systemd is also.
> One of the 3 CIA pillars of security is "availability".  And if
> it's oh-dark-30, figuring out what symlink is supposed to be where
> for a given failed systemd unit can be a tad challenging.  At least under
> sysvinit, either /etc/rc5.d/S50foobar is there or it isn't(*).
>
> And if they carry through on their systemd-console threat, that could get
> even worse - that introduces a whole new pile of risks for being unable
> to diagnose early boot bugs.
>
> So yeah, there's security issues other than "can it be hacked because
> it's got a huge surface area".

Agreed, the "oh-dark-thirty" call-outs will be harder to resolve, but I'm
sure some folks will learn to deal with it. It's new and changes the job,
but as was noted earlier, there is always change.

My concern is with the "large surface area". Does that expose the daemon
to more vulnerabilities because it does more, or does one daemon make it
easier to protect against multiple vulnerabilities? I don't know; that's
where the research needs to be done.

--John

>
> (*) Unless you're really having a bad night and it's a hard link to /dev/sda1
> or something. :)



