Default services enabled

Steve Grubb sgrubb at redhat.com
Tue Aug 23 13:30:24 UTC 2011


On Monday, August 22, 2011 08:32:57 PM Lennart Poettering wrote:
> On Mon, 22.08.11 17:19, Adam Williamson (awilliam at redhat.com) wrote:
> > On Mon, 2011-08-22 at 20:09 -0400, Genes MailLists wrote:
> > > On 08/22/2011 07:07 PM, Adam Williamson wrote:
> > > > On Sun, 2011-08-21 at 17:09 -0400, Steve Clark wrote:
> > > >>> -Steve
> > > >> 
> > > >> Obviously a lot on this list value boot up speed over security!
> > > > 
> > > > You're making a false assumption, which is that socket activation is
> > > > only about speed. It's also about resource usage. (There may be other
> > > > advantages I haven't considered, this is not to be considered an
> > > > exclusive list.)

I think it was mentioned before that systemd is consuming a lot of memory.
 
> > >   Mmmm Adam - not sure I'd give up security for a little resource
> > >   saving either ... if indeed that is the trade-off ...
> > 
> > Well, there's a question of whether you're really giving up security.
> > There's no actual vulnerability at issue here, just the theory that
> > systemd is more susceptible to vulnerabilities.

And that is important. If there is a threat, we have to mitigate the possibility 
through good design. Why is postfix composed of several cooperating processes where 
sendmail is not? Is there a difference in their security reputations? Why would that 
be?
 

> As mentioned a couple of times systemd does not read a single network
> packet, hence I'd claim systemd is no worse than sysvinit+xinetd+a lot
> of stuff, yet a lot more powerful. (xinetd processes a lot of crazy
> network protocols internally, and one could argue that it hence is
> actually much worse here than systemd. Also, since it duplicates service
> execution in two daemons the amount of code to audit is doubled.)

Not really. init should be small and not really developed on all the time. Xinetd 
would need auditing every upstream release...but there hasn't been any in a long time. 
But one of the things that it does is work correctly with MLS. If a network packet 
comes in at top secret, it starts the daemon at top secret. I believe that systemd 
would start the daemon ranged from system high to low - which is wrong.

-Steve

