[ale] systemd bad. Very bad.

Solomon Peachy pizza at shaftnet.org
Thu Jun 29 22:13:55 EDT 2017


On Thu, Jun 29, 2017 at 09:09:56PM -0400, Steve Litt wrote:
> Solomon's assertion that "Fortunately, no init systems --- systemd
> included --- do that", I knew some BS was being spoken by someone,
> and I didn't suspect the folks at CVE.

systemd-resolved does not run as, nor is it invoked by pid1, 
therefore it is not part of the init system any more than 'unbound' or 
any other DNS resolver may be.

> As systemd continues to expand its attack surface, doing so in a way
> that you can't just plug-swap an alternative component for a systemd
> component, the probability of problems increases. My favorite
> warning about this is http://ewontfix.com/14/ .

Um, systemd-resolved is entirely optional.  I have a choice of at 
least *four* resolvers on the system I'm typing this from.  

(And if you're going to take the "attack surface" route, I sure hope you're 
including every shell script invoked by a typical sysvinit-based system.  
Oh, and the shell too.  And every binary the shell can invoke.  Which, 
if you're honest, is, oh, *everything*)

> More humorous was his "you have a lot more to learn" comment
> immediately following his statement of alternative facts.

If you're going to lob rocks, it's prudent to make sure you're not aiming 
at your own foot first.  There's a reason that sort of action is called 
a "learning experience".

I stand by what I wrote.

 - Solomon
-- 
Solomon Peachy			       pizza at shaftnet dot org
Delray Beach, FL                          ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.