From mboxrd@z Thu Jan 1 00:00:00 1970
From: Rich Freeman
To: gentoo-amd64@lists.gentoo.org
Reply-to: gentoo-amd64@lists.gentoo.org
Date: Tue, 5 Aug 2014 15:57:40 -0400
Subject: Re: [gentoo-amd64] "For What It's Worth" (or How do I know my Gentoo source code hasn't been messed with?)
In-Reply-To: <20140805151614.8c86a17e35a319de64f4345d@comcast.net>
References: <20140805151614.8c86a17e35a319de64f4345d@comcast.net>
List-Id: Gentoo Linux mail
Content-Type: text/plain; charset=UTF-8

On Tue, Aug 5, 2014 at 3:16 PM, Frank Peters wrote:
> Linux _used_ to adhere to these two principles, but currently it
> is more and more moving toward monolithic development and much
> reduced simplicity. I refer especially to the Freedesktop
> project, which is slowly becoming the centralized headquarters
> for everything graphical. I also mention systemd, with its plethora
> of system daemons that obscure all system transparency.

Everybody loves to argue about which design is "simpler," the "unix way," etc. The fact is that while systemd does bundle a fairly end-to-end solution, many of its components are modular. I can run systemd without running networkd, or resolved, etc. The modular components have interfaces, though they aren't really intended to work with anything other than systemd.

Honestly, I think the main differences are that it doesn't do things the traditional way. Nothing prevents you from talking to daemons via DBus, or inspecting their traffic. Also, a set of modular components engineered to work together is less likely to have integration-related bugs than a bunch of components designed to operate on their own.

SystemD also allows some security-oriented optimizations, like private tmpdirs, making the filesystem read-only, reduced capabilities/etc. That isn't to say that you can't do this with traditional service scripts, but there are more barriers to doing it. Ultimately it is a lot more functional than a traditional init, so I do agree that the attack surface is larger. Still, most of the stuff that is incorporated into systemd is going to be running in some process on a typical server - much of it as root.
The use of DBus also means that you can use policies to control who can do what more granularly. If you want a user to be able to shut down the system, I imagine that is just a DBus message to systemd and you could probably give an otherwise-nonprivileged user the ability to send that message without having to create suid helpers with their own private rules. The ability to further secure message-passing in this way is one of the reasons for kdbus, and Linus endorses that (but not some of the practices of its maintainers).

I do suggest that you try using systemd in a VM just to see what it is about. If nothing else you might appreciate some of the things it attempts to solve just so that you can come up with better ways of solving them. :)

Rich
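As an added illustration, not part of Rich's message or of any Gentoo or systemd project file, here are the sandboxing options he mentions (private /tmp, read-only filesystem, reduced capabilities) written out as a service unit. The service name, unit path, binary, user and writable directory are assumed placeholders.

```ini
# /etc/systemd/system/example-daemon.service   (assumed path and unit name)
[Unit]
Description=Example daemon using the systemd sandboxing options discussed above

[Service]
# Assumed binary and service account; replace with the real ones.
ExecStart=/usr/sbin/example-daemon --foreground
User=example
Group=example

# Private /tmp and /var/tmp: the daemon neither sees nor can race
# temporary files belonging to other services.
PrivateTmp=yes

# Read-only view of the whole filesystem; only the listed path stays
# writable, and home directories are not visible at all.
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/example-daemon

# Reduced capabilities: the bounding set keeps only what binding a
# privileged port needs, and the process can never gain more via setuid.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes

# Hide device nodes and kernel interfaces the daemon has no use for.
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload`, `systemd-analyze security example-daemon.service` reports which of these restrictions are in effect and scores the unit's remaining exposure.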