[ale] systemd bad. Very bad.

Steve Litt slitt at troubleshooters.com
Thu Jun 29 20:49:12 EDT 2017


On Thu, 29 Jun 2017 19:58:50 +0000
"Lightner, Jeffrey" <JLightner at dsservices.com> wrote:

> The premise of your original post was flawed in that it seemed to
> imply that DNS without systemd (or even other utilities) don't
> sometimes have exploits that need to be addressed.  

That's not how I read his initial post. I read his post as "oh geez,
here's another thing systemd screwed up."

> Suggesting that a component of systemd MIGHT be exploited and that
> makes systemd a bad idea seems silly as hell to me.   I've patched
> BIND on multiple occasions and/or had to change named.conf to
> prevent various exploits long before systemd was a gleam in anyone's
> eye.

BIND is a huge hot mess with a large attack surface. I favor djbdns,
although in an age of IPv6, djbdns becomes increasingly impractical.
Anyway, an init system is supposed to be a tiny thing that spawns
processes and listens for signals --- something with a tiny attack
surface. So having a security flaw in an init system is a lot worse
than in a caching/authoritative resolver.
> 
> Based on your logic, no one should use OpenSSL because it was once
> vulnerable to Heartbleed...

I don't think the OP was demanding security perfection from any
software. I read his post more as "oh geez, ANOTHER systemd screwup".
 
SteveT

Steve Litt 
June 2017 featured book: The Key to Everyday Excellence
http://www.troubleshooters.com/key