On 28.11.2014 23:14, Thomas Liske wrote:
> On 11/28/2014 11:04 PM, Sven Hartge wrote:
>> On 28.11.2014 22:57, Thomas Liske wrote:
>>>> So please add a blacklist entry to avoid restarting systemd-journald
>>>> under any circumstances.
>>
>>> We should wait until systemd-journald's RC bug got closed. Maybe we
>>> should add systemd-journald to the override_rc list if the bug is
>>> non-fixable.
>>
>> The bug is non-fixable, as far as I understand the IRC-log.
>
> So systems will run outdated systemd-journald after (security) updates
> until the systems got rebooted? Since journald owns stdout/stderr of all
> the services there seems to be many (remote) attack vectors. This sounds
> awful to me.

It _is_ awful.

> If journald is restarted the stdout/stderr of running daemons got lost -
> is this a bigger problem than running a vulnerable journald?

The systemd-way of logging is to no longer log to syslog directly but to
just output to STDERR or STDOUT, as far as I understand it.

By restarting journald you risk losing _all_ logging output from all
daemons running the systemd-way.

At least that is the way I understand the situation. Please ask a
systemd maintainer for more input, I might be totally wrong.

Regards,
Sven.