Luke Kenneth Casson Leighton <l...@lkcl.net> writes:

> ---
> crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
>
>
> On Thu, Feb 16, 2017 at 9:12 AM, Philip Hands <p...@hands.com> wrote:
>> Luke Kenneth Casson Leighton <l...@lkcl.net> writes:
>>
>>> if systemd is so bloated and all-encompassing that it in effect
>>> demands *all* privileges (it doesn't, but you know what i mean), it
>>> utterly defeats the object of having the security system in the first
>>> place.
>>
>> This appears to be another instance of you conflating the init process
>> with the project, but perhaps I'm misunderstanding you.
>>
>> Are you claiming that systemd (the init) uses forks where sysvinit uses
>> execs?
>
> i don't know how you conclude i would say that when i don't mention
> sysvinit. why would there be an implication of sysvinit being
> involved when it's not mentioned?
Well, if you're saying that systemd is bad, it must be bad relative to
something else, since if the nearest likely alternative (e.g. sysvinit)
does pretty much the same thing then you're really saying very little.

The Daily Mail will cheerfully tell you that coffee causes cancer, which
is probably true, but only at about the same rate as pretty much
everything else one could imagine consuming, so ... no news.

> i'm saying that SE/Linux's security model is based on the isolation
> of exec. but, that if the sheer overwhelming number of programs being
> exec'd is so huge, it becomes pretty pointless to even *have* such
> isolation.

Systemd execs a lot of things by dint of it being the system's init,
does it not?

This sounds almost like you're claiming that SELinux isn't capable of
modeling any implementation of the init task. That's why I was trying
to tease out something about what makes this unique to systemd from you.
Hence the mention of sysvinit.

> i provide this as a guide *without* spending the time to assess
> actual instances... because it's not my job to do so. and, also, with
> the sheer overwhelming number of *other* factors (all of them
> individually low-probability events), when combined using
> Dempster-Shafer information theory, you don't *need* to go in-depth: to
> do so is completely pointless.
>
> basically i'm saying, phil, knocking down one skittle by spending the
> time to track down one "hole" in what i say, is pointless. the entire
> design and deployment of systemd is like a dam made of swiss cheese.
>
> there simply aren't enough fingers to plug all the hundreds of
> flaws... so there's little point in trying. this response (one of a
> long line of reasons why i will never *ever* use systemd) is just one
> response from a different angle, one that i have had at least one
> person publicly express gratitude for taking the time to explain, and
> one privately.
> who knows well enough and is old enough and ugly
> enough *not* to get involved in the cluster-fuck known as systemd.

I'm not trying to knock down skittles -- I'm trying to see whether what
you're saying has any substance behind it, or is simply hand waving.

Cheers, Phil.

--
|)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
|-| http://www.hands.com/ http://ftp.uk.debian.org/
|(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
_______________________________________________
arm-netbook mailing list
firstname.lastname@example.org
http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook
Send large attachments to arm-netb...@files.phcomp.co.uk