[systemd-devel] No security on systemd-journal-gatewayd
Kay Sievers
kay at vrfy.org
Wed Dec 11 20:20:53 PST 2013
On Wed, Dec 11, 2013 at 11:53 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
> Am 11.12.2013 22:41, schrieb Cecil Westerhof:
>> I tried out systemd-journal-gatewayd. But it looks like that everyone that can
>> contact, can get log info. Is that true, or am I overlooking something?
>
> as far as i remeber from older posts about it the intention is that
>
> a) it is not on by default
> b) if you turn it on you need to open the port in the firewall too
> c) if you open the port you do this only for trusted sources
The current implementation is more a proof-of-concept, not used or
enabled by default. It has zero built-in security, it cannot be used
or enabled in untrusted environments without externally provided
protection.
Kay
More information about the systemd-devel
mailing list