[systemd-devel] No security on systemd-journal-gatewayd
Kay Sievers
kay at vrfy.org
Thu Dec 12 08:15:10 PST 2013
On Thu, Dec 12, 2013 at 3:08 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Thu, 12.12.13 05:20, Kay Sievers (kay at vrfy.org) wrote:
>
>>
>> On Wed, Dec 11, 2013 at 11:53 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> > Am 11.12.2013 22:41, schrieb Cecil Westerhof:
>> >> I tried out systemd-journal-gatewayd. But it looks like that everyone that can
>> >> contact, can get log info. Is that true, or am I overlooking something?
>> >
>> > as far as i remeber from older posts about it the intention is that
>> >
>> > a) it is not on by default
>> > b) if you turn it on you need to open the port in the firewall too
>> > c) if you open the port you do this only for trusted sources
>>
>> The current implementation is more a proof-of-concept, not used or
>> enabled by default. It has zero built-in security, it cannot be used
>> or enabled in untrusted environments without externally provided
>> protection.
>
> That's not really true. There's security built in, it does SSL among
> other things if that's enabled.
>
> There's no authentication currently though.
We must not give the impression that this is "secure" in any way, it
is not, and cannot generally be used unless it is secured by other
things. So, no this is not secure at all, just possibly encrypted, but
I doubt that was the question.
Kay
More information about the systemd-devel
mailing list