On 27/03/14 11:26 PM, Gaetan Bisson wrote:
>> My point was only that the security risk is not theoretical.
> Of course it isn't: we all know every piece of software has bugs, which is a potential security issue when run as root. Now the above cronie bugs were fixed long ago. Do you have any evidence suggesting systemd should be less bug-prone than cronie?
Arch Linux is going to be shipping systemd in base, whether or not cronie is included. Including more setuid binaries increases the attack surface. I do think it can be assumed that including cronie (with the crontab setuid binary) and systemd will be more prone to exploitation than systemd alone. The importance of this is open to debate, but I think it's worth consideration, especially since cronie is not enabled by default. Perfect security is an unobtainable goal but we can do what we can to harden the base install. It means cron users will need to issue another pacman command, similar to how Arch leaving ptrace_scope enabled by default requires users of commands like `strace -p $PID`, `perf trace -p $PID`, `gdb -p $PID` or `reptyr $PID` to either turn it off or work around it. They're very minor inconveniences for a subset of Arch users and the security benefit is real, even if it's small.
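The two knobs the message argues about, the number of setuid binaries in the base install and the Yama ptrace_scope setting, are both easy to audit from a shell. The script below is an added example, not code from this thread or from Arch Linux; it assumes a Linux system with the standard `/proc/sys/kernel/yama/ptrace_scope` path (absent if Yama is not compiled in) and scans whatever directory tree you hand it.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): enumerate the setuid
# attack surface under a directory tree and report kernel.yama.ptrace_scope.
# Assumes standard Linux paths; the tree to scan is the first argument.

# Print every regular file under $1 with the setuid bit (mode 4000) set,
# one path per line. -xdev keeps the scan on a single filesystem.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Count setuid files under $1: the number that grows with each package
# that ships a setuid helper such as crontab.
count_setuid() {
    list_setuid "$1" | wc -l | tr -d ' '
}

# Read kernel.yama.ptrace_scope (0 = classic ptrace, 1 = restricted to
# descendants, 2 = admin only, 3 = disabled). Prints "unavailable" when
# the Yama LSM is not built into the running kernel.
ptrace_scope() {
    if [ -r /proc/sys/kernel/yama/ptrace_scope ]; then
        cat /proc/sys/kernel/yama/ptrace_scope
    else
        echo unavailable
    fi
}

# Human-readable report for the tree given as $1 (defaults to /usr).
audit_report() {
    root="${1:-/usr}"
    echo "setuid binaries under $root: $(count_setuid "$root")"
    # ls -l shows owner and mode so root-owned setuid files stand out.
    list_setuid "$root" | while read -r f; do
        ls -l "$f"
    done
    echo "kernel.yama.ptrace_scope: $(ptrace_scope)"
}

# Run the report only when a directory is passed on the command line,
# e.g.  sh audit_setuid.sh /usr
if [ $# -gt 0 ]; then
    audit_report "$1"
fi
```

Running it before and after installing a package that ships a setuid helper shows exactly how much the count in the message's "attack surface" argument changes; a ptrace_scope of 1 is the setting that forces the `strace -p`, `gdb -p` and `reptyr` workarounds mentioned above.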