[sf-lug] A command short enough to be tweeted can bring down systemd
Rick Moen
rick at linuxmafia.com
Sat Oct 8 16:08:40 PDT 2016
Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):
> Well unlike mandog (kelvinat at gmail.com): I see the point of
> your post.
In fairness to 'mandog' (whoever he/she is), he might have misread my
comments as claiming that using a specific init system rather than a
different init system makes a *ix system invulnerable to local DoSing.
Of course, I didn't say or imply anything even remotely like that, but
still he might have thought it.
Anyway, I just wanted to put in a good word for VMs as absolutely
excellent platforms for trying out ideas for system architecture.
In working on the prototype for my next server migration, I'm going to
be seeing about a minimal init _and_ either static /dev or mdev in place
of udev, plus making sure there's no D-Bus / upower / packagekit / udisks /
PolKit or any of the other freedesktop.org stuff. Also, I hope to test
whether it's still feasible to use the grsecurity/PaX patchsets, even
after the annoying 2015 announcements that stable releases would now be
available to paid customers only. (Thinking of trying the test
patchsets.)
Point is, if I didn't have VMs handy for that, I'd probably not try,
because otherwise it's too painful to clobber a system when you make the
wrong change. (With a VM, reverting the prior state is easy.)
All I'm really short on is the time to get that and all the other work
done, but that's a separate problem.
> I can foresee a multiple OS system with a semi-smart AI dedicated to
> the maintenance of system integrity of one system that would be the
> interface to all sorts of communication, from the keyboard and mouse
> to the Internet and whatever it may develop into sort of a super
> firewall on the AI side. But you need a third system running from
> Firmware keeping track of the integrity of the AI.
And an AI to watch the AI? ;->
In general, I don't trust approaches that try to fix security just by
adding another layer. Experience suggests that care about excess
privilege and excess complexity, along with as complete understanding of
what's going on as you can manage, is more likely to work well.
> Thanks for all you do, Rick,
Glad to!