SCIENTIFIC-LINUX-USERS Archives

January 2021

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Rhel 8
From:
Lamar Owen <[log in to unmask]>
Reply To:
Lamar Owen <[log in to unmask]>
Date:
Mon, 25 Jan 2021 14:19:44 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (59 lines) 
On 1/25/21 1:34 PM, Yasha Karant wrote:
> ...
> I fully agree that a full security audit would be valuable, an audit 
> that needs to be kept current.  Nonetheless, "lines of code" is a well 
> established empirical metric, given the approximate number of 
> execution ("run time") software defects in syntactically correct 
> source code based on the lines of code in the source.  I am not 
> defending "lines of code", merely repeating what is a standard "rule 
> of thumb".
>
While I have not counted to see, the number of distributed lines of code 
in the initscripts pulled in by individual packages should also be 
counted, along with the LoC of bash itself.  LoC has been used as a 
rough rule of thumb in the past, but a formal audit is more accurate.  I 
would imagine Red Hat audits the systemd code internally, but I don't 
have any direct evidence of that.

> My bigger concern is that SystemD is no longer used on an isolated 
> system in a segregated environment (NB: that term has nothing to do 
> with socio-political contexts -- please do not misinterpret it as have 
> some non-CSE colleagues when hearing of that, "race conditions", and 
> other CSE specific terminology).  ...

Understood; as I come from a hardware engineering background I 
understand the potential impacts of 'synchronous asynchrony' and how 
conditions can develop that are very timing-sensitive and 
nondeterministic in behavior; the overall label of 'race condition' is 
used; the most easily explained example I know of is of a four-way stop, 
and all four cars arrive at the intersection simultaneously (within 
human-perceived tolerances, at least).  Which of the four has the right 
of way?

This was sometimes a significant issue with old initscripts.

> Were the init systems more resilient?  These were never designed for 
> the current wide area network platforms and environments such as 
> "cloud computing" -- thus it is very unlikely that these perform 
> better.  The issue comes back to the bloat in SystemD overseeing, in 
> some sense, "everything".  As such, it is a possible single point of 
> failure, or exploit.

It's a common misconception that systemd is one monolithic binary trying 
to do all the things it does; this is not the case.  It IS a large set 
of programs, but each of those is relatively self-contained; see 
https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Systemd&d=DwIFAw&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=pmFyZxsNsGEEYJrcr1FAHWhR-i0LgsbLzEnn12ie7Ag&s=8X0vrNtKYURepsfpHmXakirpVwIFY6biFz6zMzgfzes&e=  for the overview.

But systemd is the name of both the collection of these programs and the 
executable running as PID 1; more than a bit confusing.  Make no 
mistake: it is quite a bit larger than Upstart's init (from EL6) or 
EL5's actual SysV Init, but it's not fair to compare just the code size 
of the init process; the init runs all these scripts that are 
interpreted by the system shell; if that's bash, then the code size 
difference is not nearly as large.  With bash running the initscripts as 
root under the direct control of PID 1, bash must be considered part of 
the init system and thus becomes a link in the vulnerability chain.  The 
chain is only as strong as its weakest link; in sysvinit the collection 
of interrelated initscripts that execute as root is easily the weakest 
link; in systemd it's the relatively large PID 1.

ATOM RSS1 RSS2