Ric Moore wrote:
> Change is certainly needed when any pimple face kid can edit and hide his
> doings from a text log with nano. I think the change is necessary to harden
> up our systems. Otherwise, Microsoft will become the only secure server OS,
> as they don't mind hiding things at all.
>
> Yes, it is a work in progress, but I think the main goal is signed binaries
> that discourage the Black Hats ...at least for awhile. What is telling is
> that no one is talking about that. Linux does indeed run the majority of the
> web servers, so consider that if every major Linux Distro is working in
> concert for a change, there has to be compelling reasons behind it, and that
> we may not be privy to their reasonings for security's sake. The Net has
> been proven to be as secure as Swiss Cheese lately, and that makes Linux
> look very bad, if not half-assed.
> :/ Ric

Hi Ric,

In my opinion, giving PID 1 to a large, complicated and unproven framework constitutes the greater security risk. Compared to sysvinit, systemd presents a huge attack surface that is difficult to audit and includes ample opportunity for security holes, accidental or otherwise.

Any new technology of that scale is bound to face security issues. Many people, including desktop users, would prefer not to carry the inevitable risks of being an early adopter.

Also obfuscated logfiles hardly seem like a major security innovation. Is this approach described or analyzed in security literature? In any case, I think logging belongs to a different domain than system initialization.

Regards,

Joel

--
Joel Roth

Archive: https://lists.debian.org/20140927003635.GA9031@sprite

