PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0

Ponder dropping `libsystemd` dependency #14009

Open rgacogne opened 6 months ago

rgacogne commented 6 months ago

Short description

On Linux systems where `libsystemd` is available, all three products automatically link against it. Given the recent xz drama, I'm wondering if it would make sense to re-implement the communication primitives we need and drop this dependency, especially since the interface has been stable for a long time. For auth and dnsdist this means re-implementing `sd_notify`, which is easy. For the recursor (and possibly auth and dnsdist in the near future) it means `sd_notify`, `sd_journal_sendv` and `sd_journal_stream_fd`, which seems significantly harder. It might not make sense in the end, but I feel it's worth looking into to understand the trade-off.
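
The `sd_notify` re-implementation discussed in this issue, as an added example that is not part of the thread and not PowerDNS code: it sends the state string as a single datagram to the `AF_UNIX` socket named in `$NOTIFY_SOCKET`, with no `libsystemd` linkage. The function name `notify_systemd` is an assumption, and only absolute-path and abstract (`@`) socket addresses are handled.

```cpp
// Added example (not PowerDNS code): minimal sd_notify replacement for Linux.
#include <cerrno>
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <string>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

// Hypothetical helper name. Returns 1 if the datagram was sent, 0 if
// NOTIFY_SOCKET is unset (not started by systemd), -errno on failure.
int notify_systemd(const std::string& state)
{
  const char* path = ::getenv("NOTIFY_SOCKET");
  if (path == nullptr || *path == '\0') {
    return 0;
  }
  const size_t len = ::strlen(path);
  sockaddr_un addr{};
  addr.sun_family = AF_UNIX;
  // Accept only absolute paths and abstract sockets, and refuse anything
  // that would not fit in sun_path instead of silently truncating it.
  if ((path[0] != '/' && path[0] != '@') || len < 2 || len >= sizeof(addr.sun_path)) {
    return -EINVAL;
  }
  ::memcpy(addr.sun_path, path, len);
  if (path[0] == '@') {
    addr.sun_path[0] = '\0'; // abstract namespace: leading NUL byte
  }
  const auto addrLen = static_cast<socklen_t>(offsetof(sockaddr_un, sun_path) + len);

  const int fd = ::socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
  if (fd < 0) {
    return -errno;
  }
  const ssize_t sent = ::sendto(fd, state.data(), state.size(), MSG_NOSIGNAL,
                                reinterpret_cast<const sockaddr*>(&addr), addrLen);
  const int err = errno; // save before close() can overwrite it
  ::close(fd);
  if (sent < 0) {
    return -err;
  }
  return static_cast<size_t>(sent) == state.size() ? 1 : -EIO;
}

int main()
{
  return notify_systemd("READY=1") < 0 ? 1 : 0;
}
```
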

kpfleming commented 6 months ago

This sounds like a lot of work for little to no gain; is the concern here that libsystemd links to many other libraries and one of those libraries could be used to compromise auth/rec/dnsdist?

rgacogne commented 6 months ago

Yes, and I agree it might not be worth it, I just want to make sure we know why we do it. I know systemd is working on not loading the compression libraries unless they are actually used, which will make the situation better, but the libraries would still show up in the transitive dependencies of our products.

christian-heusel commented 6 months ago

Systemd apparently made some efforts on cleaning things up in that regard: https://chaos.social/@bluca@fosstodon.org/112208167240646037

Also https://chaos.social/@pid_eins@mastodon.social/112202687973228580 might be of interest 😊