Gentoo Forums
Hardened profile with systemd
cyberheb
n00b
Joined: 27 Sep 2015
Posts: 3

Posted: Sun Sep 27, 2015 7:12 am    Post subject: Hardened profile with systemd

Hello,

When selecting a profile, there is an option for systemd, but only for the un-hardened profile. There is no option to use systemd with the hardened profile. Of course it is possible to follow the systemd manual (emerge -vDN @world with new global USE flag using systemd, emerge --deselect sys-fs/udev and emerge systemd), but I am curious about the reason why systemd is not included in the hardened profile options. Was there any known security issue in systemd so the developers chose to use openrc instead?

I am currently designing a platform using Gentoo, and security is one of the top priorities. I think systemd offers pretty good functionality (yes, mostly for desktop, but also good for server), which is why I plan to use it. However, if there are specific crucial aspects related to systemd on a hardened server, then I will have a strong reason not to use it.
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 42583
Location: 56N 3W

Posted: Sun Sep 27, 2015 8:26 am

cyberheb,

Welcome to Gentoo.

This thread is likely to be locked very soon, as questions like this descend into a flamefest.
There are many other topics (mostly locked) on these forums that discuss systemd. Some touch on security too.

My personal opinion, having read many of the threads I've referred you to, is that systemd and security go together like Windows and security.
That is, it's an oxymoron.

Security is not an absolute. You need to analyse your perceived threats, then create a security model to defend against them.
The reality is that you end up with several layers, like an onion. The basic idea is to deter attackers so they attack someone else.
One tenet of security is to keep things simple - systemd violates that. While systemd may be modular and its modules simple, it's modular in the same way as a completed jigsaw is modular. You have to have all the pieces - even if your use case does not need them.

Better to choose a starting point where you add in only what you need - that does not mean openrc either. Gentoo provides other options; openrc is the one in the stage3 tarball. By adding in only what you need, you know what you have, rather than attempting to take things away, only to find you cannot.

Other contributors.
State your opinions and rationale.

Flames will get this topic locked.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Buffoon
Veteran
Joined: 17 Jun 2015
Posts: 1074
Location: EU or US

Posted: Sun Sep 27, 2015 12:27 pm

Just curious, is systemd allowing remote logging now?
mv
Watchman
Joined: 20 Apr 2005
Posts: 6276

Posted: Sun Sep 27, 2015 3:50 pm

It does not make much sense to harden your kernel and most apps to avoid privilege escalations when you have simultaneously running a highly complex app with root permissions whose main purpose is to make all classical UNIX privileges become a joke.
From the security viewpoint, installing systemd (especially together with policykit) is probably among the most stupid things which you could do.
If you search, you will probably find a list of known security issues with systemd+policykit which I had posted in this forum a while ago. I don't know how many of the issues have been fixed meanwhile, but you can be sure that a current list of issues would be much longer - though perhaps less easy to get (for the previous list, I needed only a few minutes hunting through open bugs).
It is not a particular misfeature which is dangerous but the whole concept to build a complex application with high privileges on top of a communication system which every unprivileged user can access.

That being said: hardened does not include other things (like kde, gnome, etc) either. I think they simply want to support a very basic default. You are already out of luck if you happen to have an nvidia card and the nouveau drivers do not work for you....
depontius
Advocate
Joined: 05 May 2004
Posts: 3376

Posted: Sun Sep 27, 2015 9:05 pm

Let me try this in a more neutral way, if I may.

With no value judgements either way, let me just say that there is little practical experience with systemd running on secure systems. Though it appears to have "won the init wars," (Boy, doesn't that sound like the old "OS Wars" days!) it has not actually seen that much real-world deployment yet, especially in the server space, which tends to be quite conservative.

You may be able to put systemd on a server, and have no problems, because you sound like a small fish.
On the other hand, putting systemd on a server, even if a small fish, might be detectable and be considered a "training ground" for crackers wanting to learn systemd from their side.

Or maybe you're thinking in terms of a hardened desktop, not a server, in which case at the very least you're less sensitive than a non-hardened systemd system.
_________________
.sigs waste space and bandwidth
cyberheb
n00b
Joined: 27 Sep 2015
Posts: 3

Posted: Mon Sep 28, 2015 8:25 am

Thanks all for the feedback. In my case, it would be a hardened server, not a desktop. I am still quite new to systemd, but I think it is a valid point to consider in terms of the security risk of deploying systemd: it is a complex application with high privileges which unprivileged users can access. So basically it will break the hardened system concept.