What am I missing here?
Posted Nov 30, 2014 21:31 UTC (Sun) by drago01 (subscriber, #50715)
In reply to: What am I missing here? by dps
Parent article: The "Devuan" Debian fork
Posted Nov 30, 2014 21:47 UTC (Sun)
by dlang (guest, #313)
[Link] (7 responses)
They are large, complicated, and have tons of features that aren't needed for the functionality of the system.
This makes the system more fragile and vulnerable, just because it can do so much more.
And yes, a stripped down firewall is an embedded system. A media center computer is also an embedded system. The type or power of the hardware isn't what makes something an embedded system. What makes it an embedded system is the purpose of the system and what you can do with it. If it is set up so that you don't install anything on it, just use it as-is, it's an embedded system. If you can install apps on it, it could be an embedded system, but that depends on the apps available.
My Android Phone is not an embedded system.
My Vizio TV is.
My router counts as an embedded system when running the factory software, but once I install OpenWRT on it, its classification as an embedded system becomes more questionable.
Posted Nov 30, 2014 22:07 UTC (Sun)
by drago01 (subscriber, #50715)
[Link] (3 responses)
Posted Dec 1, 2014 0:24 UTC (Mon)
by dlang (guest, #313)
[Link] (1 responses)
When you are talking about security (like the firewall that was being discussed), features that are implemented in the code are part of the attack surface, even if they are features that you don't intend to use on the firewall.
Posted Dec 1, 2014 0:58 UTC (Mon)
by anselm (subscriber, #2796)
[Link]
OTOH, the traditional setup makes a shell (often even bash) part of the attack surface, which is something that systemd can avoid. It's a trade-off.
Posted Dec 2, 2014 21:55 UTC (Tue)
by Wol (subscriber, #4433)
[Link]
Except you DID miss the point.
On a *vulnerable* system an ATTACKER might use those features. So you most definitely DO NOT WANT THEM INSTALLED.
Yes, I think sysvinit provides a much bigger attack surface than systemd. But the point remains. If you are hardening a system, you *DELETE* anything you don't want!
If there's something unnecessary on a hardened system, then it hasn't been properly hardened ...
Cheers,
Wol
Posted Nov 30, 2014 22:44 UTC (Sun)
by anselm (subscriber, #2796)
[Link] (2 responses)
Various embedded-system developers have stated in public that they really like systemd, so it is by no means obvious that systemd is inappropriate for embedded systems. These people generally don't mess around – if systemd didn't do what they need they wouldn't use it at all. Horses for courses.
Posted Dec 1, 2014 0:25 UTC (Mon)
by dlang (guest, #313)
[Link] (1 responses)
Posted Dec 1, 2014 0:54 UTC (Mon)
by anselm (subscriber, #2796)
[Link]
Which is why I didn't say that at all. The logical opposite of “inappropriate for embedded use” is not “appropriate for all embedded use”.
Whether systemd is suitable for any given embedded-system project is something that the developers of that project will need to figure out, based on the requirements of that particular project. There is a chance that systemd may not do what is needed but there is also a chance that systemd will be just what the doctor ordered – it all depends.