[Arm-netbook] A suggestion why Systemd may be bad
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Thu Feb 16 10:02:17 GMT 2017
---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Thu, Feb 16, 2017 at 9:12 AM, Philip Hands <phil at hands.com> wrote:
> Luke Kenneth Casson Leighton <lkcl at lkcl.net> writes:
>
>> if systemd is so bloated and all-encompassing that it in effect
>> demands *all* privileges (it doesn't, but you know what i mean), it
>> utterly defeats the object of having the security system in the first
>> place.
>
> This appears to be another instance of you conflating the init process
> with the project, but perhaps I'm misunderstanding you.
>
> Are you claiming that systemd (the init) uses forks where sysvinit uses
> execs?
i don't know how you conclude i would say that when i don't mention
sysvinit. why would there be an implication of sysvinit being
involved when it's not mentioned?
i'm saying that SE/Linux's security model is based on the isolation
of exec. but, that if the sheer overwhelming number of programs being
exec'd is so huge, it becomes pretty pointless to even *have* such
isolation.
i provide this as a guide *without* spending the time to assess
actual instances... because it's not my job to do so. and, also, with
the sheer overwhelming number of *other* factors (all of them
individually low-probability events), when combined using
demster-shafer information theory, you don't *need* to go in-depth: to
do so is completely pointless.
basically i'm saying, phil, knocking down one skittle by spending the
time to track down one "hole" in what i say, is pointless. the entire
design and deployment of systemd is like a dam made of swiss cheese.
there simply aren't enough fingers to plug all the hundreds of
flaws... so there's little point in trying. this response (one of a
long line of reasons why i will never *ever* use systemd) is just one
response from a different angle, one that i have had at least one
person publicly express gratitude for taking the time to explain, and
one privately. who knows well enough and is old enough and ugly
enough *not* to get involved in the cluster-fuck known as systemd.
l.