[Ilugc] Forking of Debian
- From: a.narendiran@xxxxxxxxx (Narendiran)
- Date: Wed, 26 Nov 2014 12:14:38 +0530
On Tue, Nov 25, 2014 at 9:34 PM, MohanR <mohan43u at gmail.com> wrote:
who is spawning the job? isn't it pid-1? If you say no, then it means
you don't know how the activation works (look
at /usr/share/dbus-1/systemd-service/org.freedesktop.hostname1.service).
If you say yes, but the actual job is running as another pid, then what
is the point of pid-1 brokering? isn't dbus suppose to spawn the child
instead of pid-1?
Both yes and no.
I agree that PID 1 here is spawning the process. DBUS is a message bus
for interprocess communication and it should stay that way. It SHOULD
NOT do service mangement. What you want is another daemon running
which should do service management. Whether systemd PID 1 should do
this or not is debatable and this has very good arguments on both
sides (
https://news.ycombinator.com/item?id=8353006).
Here is a list of systemd processes running on my PC I mentioned earlier.
1 systemd
158 systemd-journal
179 systemd-udevd
349 systemd-logind
729 systemd
If you note here, there are 2 systemd instances, PID 1 and PID 729.
PID 729 is a systemd instance running under user session. This also
can start and stop services (not all). So not all services have to be
started by PID 1.
The problem here is, you never know what kind of data you will receive
in pid-1 through dbus requests before forking the child. This is what I
say exposing pid-1. If someone exploit here (before spawning the child),
it will lead them to other pid-1 resources. Thats why people are saying
init should not be doing all these work. demons are there to do these
work. even if daemons get compromised, they will not provide other
important resources.
The systemd's dbus API is here
(
http://www.freedesktop.org/wiki/Software/systemd/dbus/). Some of the
security related aspects are mentioned here.
Every architecture has its ups and downs. systemd's solves a whole lot
of problems and causes very few. Yes, systemd PID 1 does service
management and takes requests through dbus. Whether it is good or bad
is up for debate. Saying something like "Everything is PID1, so its
crap" is not only unfair and a gross misrepresentation, but quite
literally untrue.
Don't say SElinux is integrated with systemd so there is no way to
exploit systemd. SElinux will not help in this situation.
I don't use or know anything about SElinux or its relationship with
systemd. Can you provide some references?
[1] all are stupid arguments assuming that whoever ask question against
systemd are not appreciating its features, they don't know about it's
design and they are trolls from reddit.com/r/[a-zA-Z0-9]*/*.
Why do you have to bring reddit into this?
Your post
which started arguments between you and me says "people bashing systemd
have very little technical information", do you still think people
arguing against systemd don't know how it works?
My original statement was "Most of the people bashing systemd are
people with very little technical information about the project." I
did not say everyone who speaks against is like that. There are people
who know what they are talking about, people like theses guys
(
http://uselessd.darknedgy.net/), who would go to lengths to strip
systemd of its undesired functionality. But most of the other people I
have seen on online forums are just haters.
--
A. Narendiran
(The worst way to waste your time is to never waste it.)
Other related posts:
