tags 771254 fixed
thanks
Hi Sven,
On 11/28/2014 11:38 PM, Sven Hartge wrote:
So systems will run outdated systemd-journald after (security) updates
until the systems got rebooted? Since journald owns stdout/stderr of all
the services there seem to be many (remote) attack vectors. This sounds
awful to me.
It _is_ awful.
Indeed. After pondering about the correct solution I had patched the
default config to remove systemd-journald from the preselected list of
services to be restarted. But it is still presented to the user.
I really don't like to add it to the ignore list. An unpatched running
journald might be a severe security issue. So hiding it completely from
the user within needrestart should be no option IMHO.
If there were a fix making restart work for systemd-journald some
time later, it might be too late (policy driven) to revert patches in
third party packages like needrestart. But the current patch still
notifies the user about the pending upgrade so it should be OK anyway.
Requiring a restart of systemd-journald depends on updates of systemd
and any libraries linked in systemd-journald... I don't know how to blame
the user about the problem and suggest to restart the whole system in
such a case - but this is beyond the scope of this bug.
The systemd-way of logging is to no longer log to syslog directly but to
just output to STDERR or STDOUT, as far as I understand it.
By restarting journald you risk losing _all_ logging output from all
daemons running the systemd-way.
Sounds like a choice between the devil and the deep blue sea.
HTH,
Thomas
At least that is the way I understand the situation.
Please ask a systemd maintainer for more input, I might be totally wrong.
Grüße,
Sven.
--
:: WWW: http://fiasko-nw.net/~thomas/ ::
::: Jabber: xmpp:tho...@jabber.fiasko-nw.net :::
:: flickr: http://www.flickr.com/photos/laugufe/ ::