--- crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Thu, Feb 16, 2017 at 9:12 AM, Philip Hands phil@hands.com wrote:
> Luke Kenneth Casson Leighton lkcl@lkcl.net writes:
>> if systemd is so bloated and all-encompassing that it in effect demands *all* privileges (it doesn't, but you know what i mean), it utterly defeats the object of having the security system in the first place.
> This appears to be another instance of you conflating the init process with the project, but perhaps I'm misunderstanding you.
> Are you claiming that systemd (the init) uses forks where sysvinit uses execs?
i don't know how you conclude i would say that when i don't mention sysvinit. why would there be an implication of sysvinit being involved when it's not mentioned?
i'm saying that SE/Linux's security model is based on the isolation of exec. but, that if the sheer overwhelming number of programs being exec'd is so huge, it becomes pretty pointless to even *have* such isolation.
i provide this as a guide *without* spending the time to assess actual instances... because it's not my job to do so. and, also, with the sheer overwhelming number of *other* factors (all of them individually low-probability events), when combined using Dempster-Shafer information theory, you don't *need* to go in-depth: to do so is completely pointless.
basically i'm saying, phil, knocking down one skittle by spending the time to track down one "hole" in what i say, is pointless. the entire design and deployment of systemd is like a dam made of swiss cheese.
there simply aren't enough fingers to plug all the hundreds of flaws... so there's little point in trying. this response (one of a long line of reasons why i will never *ever* use systemd) is just one response from a different angle, one that i have had at least one person publicly express gratitude for taking the time to explain, and one privately. who knows well enough and is old enough and ugly enough *not* to get involved in the cluster-fuck known as systemd.
l.
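The message above leans on Dempster-Shafer evidence combination to argue that many individually weak indicators add up to a strong overall belief without examining any one of them in depth. The following is an added worked example of that combination rule, written for this page and not taken from the thread or from any project mentioned in it. The two-hypothesis frame ("flawed" versus "sound"), the per-source weight of 0.1 and the conflicting pair of sources are all constructed values. It goes slightly beyond the message by also showing what Dempster's rule does when two sources disagree, since that normalisation step is where the rule is most often misread.

```python
"""Dempster's rule of combination over a tiny frame of discernment.

Added example: a mass function maps each hypothesis (a frozenset of
frame elements) to a share of belief; mass on the whole frame means
"no opinion". Combining sources multiplies masses of intersecting
hypotheses and renormalises away the conflicting (empty-intersection)
part. All weights below are constructed for illustration.
"""
from itertools import product

# Hypothetical frame: a design is either flawed or sound.
FRAME = frozenset({"flawed", "sound"})
FLAWED = frozenset({"flawed"})
SOUND = frozenset({"sound"})


def combine(m1, m2):
    """Dempster's rule for two mass functions over the same frame.

    Returns (combined mass function, conflict K). K is the total mass
    that landed on the empty set; 1 - K is the normalisation factor.
    """
    combined = {}
    conflict = 0.0
    for (b, mass_b), (c, mass_c) in product(m1.items(), m2.items()):
        joint = b & c
        if not joint:
            conflict += mass_b * mass_c  # sources contradict each other here
        else:
            combined[joint] = combined.get(joint, 0.0) + mass_b * mass_c
    if conflict >= 1.0:
        raise ValueError("total conflict: the sources cannot be combined")
    norm = 1.0 - conflict
    return {hyp: v / norm for hyp, v in combined.items()}, conflict


def combine_all(masses):
    """Fold Dempster's rule over a list of mass functions (it is associative)."""
    result = masses[0]
    for other in masses[1:]:
        result, _ = combine(result, other)
    return result


def belief(m, hyp):
    """Bel(A): mass committed to A or to any non-empty subset of A."""
    return sum(v for a, v in m.items() if a <= hyp)


def plausibility(m, hyp):
    """Pl(A): mass not committed against A (every hypothesis meeting A)."""
    return sum(v for a, v in m.items() if a & hyp)


def weak_source(weight):
    """One low-confidence indicator: a little mass on 'flawed', the rest undecided."""
    return {FLAWED: weight, FRAME: 1.0 - weight}


def combined_belief_flawed(n_sources, weight=0.1):
    """Belief in 'flawed' after combining n independent weak indicators.

    With no mass ever placed on 'sound' there is no conflict, so this
    equals 1 - (1 - weight) ** n: twenty 10% hints give about 0.878.
    """
    m = combine_all([weak_source(weight) for _ in range(n_sources)])
    return belief(m, FLAWED)


def conflicting_pair():
    """Two sources that disagree, to show the renormalisation step.

    Source A: 60% flawed / 40% undecided. Source B: 50% sound / 50% undecided.
    Conflict K = 0.6 * 0.5 = 0.3, and the surviving masses are divided by 0.7.
    """
    a = {FLAWED: 0.6, FRAME: 0.4}
    b = {SOUND: 0.5, FRAME: 0.5}
    return combine(a, b)


if __name__ == "__main__":
    for n in (1, 5, 10, 20):
        print(f"{n:2d} weak sources -> Bel(flawed) = {combined_belief_flawed(n):.3f}")
    m, k = conflicting_pair()
    print(f"conflict K = {k:.2f}, Bel(flawed) = {belief(m, FLAWED):.3f}, "
          f"Pl(flawed) = {plausibility(m, FLAWED):.3f}")
```

The first loop is the message's argument in numbers: twenty indicators that each carry only 10% weight leave under 13% of the mass undecided. The conflicting pair is the caveat: Dempster's rule silently discards the contradicting 30% and rescales the rest, so a handful of strongly opposed sources can produce a confident-looking result that rests on very little agreement, which is worth checking before treating the combined belief as a risk figure.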