[systemd-devel] No security on systemd-journal-gatewayd

Lennart Poettering lennart at poettering.net
Thu Dec 12 06:08:32 PST 2013


On Thu, 12.12.13 05:20, Kay Sievers (kay at vrfy.org) wrote:

> 
> On Wed, Dec 11, 2013 at 11:53 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
> > Am 11.12.2013 22:41, schrieb Cecil Westerhof:
> >> I tried out systemd-journal-gatewayd. But it looks like that everyone that can
> >> contact, can get log info. Is that true, or am I overlooking something?
> >
> > as far as i remeber from older posts about it the intention is that
> >
> > a) it is not on by default
> > b) if you turn it on you need to open the port in the firewall too
> > c) if you open the port you do this only for trusted sources
> 
> The current implementation is more a proof-of-concept, not used or
> enabled by default. It has zero built-in security, it cannot be used
> or enabled in untrusted environments without externally provided
> protection.

That's not really true. There's security built in, it does SSL among
other things if that's enabled.

There's no authentication currently though.

Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list