Bug 908081 - RFE: package journald (http) gatewayd separately
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: rawhide
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
Blocks: 906530
Reported: 2013-02-05 20:12 UTC by Matthew Miller
Modified: 2014-08-19 19:50 UTC (History)
Last Closed: 2013-07-16 10:48:39 UTC



Description Matthew Miller 2013-02-05 20:12:33 UTC
The journal gatewayd service allows log access over the network (see http://www.freedesktop.org/software/systemd/man/systemd-journal-gatewayd.service.html for details if you're just joining in).

It's off by default, and uses libmicrohttpd. It _doesn't_ provide any filtering or access control.

The dependencies are small, but I think it would still be better to make this a subpackage, because it's a feature most people won't need or benefit from, and not including it when not needed reduces the attack surface both for information leaks and possible escalation vulnerabilities.

Comment 1 Matthew Miller 2013-03-26 20:51:22 UTC
In Fedora 19, the dependency chain has grown a little more important, since libmicrohttpd now uses gnutls, and is the only package in the minimal install which does so; this pulls in gnutls and its new dependent libs nettle and hogweed.

I see the interest in this functionality, but I'd really like to see it as a subpackage for F19.

Comment 2 Matthew Miller 2013-05-09 03:40:12 UTC
Ping on this one.

From the closing comments in bug #907551, maybe we should just ship with it not built at all for this release?

Comment 3 Lennart Poettering 2013-05-09 12:49:28 UTC
You really hate that thing don't you? ;-)

I see no problem with shipping it. We shouldn't turn it on by default however, since it's unprotected.

Comment 4 Matthew Miller 2013-05-09 15:01:35 UTC
(In reply to comment #3)
> You really hate that thing don't you? ;-)

Let's just say it concerns me. I have no problem with it as a potential solution for certain cases.

> I see no problem with shipping it. We shouldn't turn it on by default
> however, since it's unprotected.

I don't really mind shipping it as a separate package.  But to quote Kay:

>> I totally see the benefit in general, but we should not offer any unfinished
>> interfaces to the public, also not in anaconda.
>> It's not only insecure by default, it might also change its interfaces in
>> the future. It should not be exposed in its current state, only developers
>> or very specific setups, which are aware of the risks, should use it.

To me, this suggests that separating it is the right thing, for users who might not realize that something installed as part of the core is so experimental. But, I also don't like the dependency creep and particularly additional crypto in @core.

Comment 5 Kay Sievers 2013-06-21 11:48:32 UTC
It should probably just be disabled in the RHEL7 build, if it should not
appear there:
  --disable-microhttpd

Comment 7 Matthew Miller 2013-06-21 13:06:02 UTC
That's fine for RHEL, but this is for Fedora.

When this issue initially came up, Lennart said

 Correspondingly the microhttpd library is only pulled in by the journal
 gateway daemon, which is responsible for the HTTP iface to the journal.
 We thought about splitting this off into an individual package (and it
 would be really easy to still do that), but as the code of libmicrohttpd
 is minimal, and it doesn't pull in any deps beyond what is already in the
 minimal installation set we didn't bother so far.

  https://lists.fedoraproject.org/pipermail/devel/2012-October/172163.html

This is a request to actually do the "really easy to still do that" subpackaging, because as noted above, it actually _does_ pull in deps beyond what is in the minimal installation.

I would also be fine with disabling it completely in Fedora, but it seems more useful to have it as a subpackage so people who do want to experiment with it have it readily available.

Comment 8 Michal Schmidt 2013-07-16 10:48:39 UTC
Forgot to update the BZ...

* Wed Jun 26 2013 Michal Schmidt <mschmidt@redhat.com> 204-10
- Split systemd-journal-gateway subpackage (#908081).

