Your message dated Sat, 8 Mar 2014 19:41:16 +0100
with message-id <[email protected]>
and subject line Re: [Pkg-swan-devel] Bug#736758: strongswan is just too bloated
has caused the Debian Bug report #736758,
regarding strongswan is just too bloated
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
736758: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736758
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: strongswan
Version: 5.1.0-3~bpo70+1
Severity: normal
This is going to be not a trivial bugreport.
The subject says it: strongswan is just too bloated.
Default install does (or tries to do) so many things which aren't
necessary on most of setups, it is just insane. For example, it
tries to iteract with dhcp, it opens raw sockets for ARP, it
explicitly loads 2 crypto libraries (openssl and gcrypt) using
plugins, and so on.
It has a concept of plugins. So that every feature is loaded
separately. Which is very nice, you'd think, which lets you to
actually configure just the stuff you really need. BUT.
But once you try to disable one plugin (such as rdrand or ha or
other stuff which produces annoying error messages on startup),
you imediately see even more annoying message telling you that
you shouldn't disable plugins, referring to
http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
wiki page.
Now, this wiki page says:
Many components of strongSwan have a modular design, features
can be added or removed using a growing list of plugins.
This allows us to keep the footprint small while adding
new functionality.
but at the same time, this page warns against disabling plugins,
giving good reasons why this shouldn't be done.
So this "plugins" feature becomes a compile-time option really.
So this "plugins" feature, instead of allowing to keep the footprint
small, actually makes footprint LARGER, -- because all the compiled
plugins has to be loaded anyway, but when they're in modules and not
compiled-in directly into executable, the footprint is actually
larger.
So it looks like either the plugins system needs to be revisited
and rewritten, to actually allow to specify plugins to load in
the config file, or whole plugins stuff is better to be removed
entirely, always compiling everything into the main executable
(or the library)...
With this large codebase with so many optional features which are
always enabled, a software facing network and running as root
is a good target to compromise a system, instead of making it
more secure.
Oh well.
Thanks,
/mjt
-- System Information:
Debian Release: 7.3
APT prefers stable
APT policy: (990, 'stable'), (500, 'oldstable'), (199, 'testing'), (50,
'unstable'), (40, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.10-amd64 (SMP w/8 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 5.1.1-2+splitplugins
On Sun, Jan 26, 2014 at 07:03:42PM +0400, Michael Tokarev wrote:
> Source: strongswan
> Version: 5.1.0-3~bpo70+1
> Severity: normal
>
> This is going to be not a trivial bugreport.
>
> The subject says it: strongswan is just too bloated.
> Default install does (or tries to do) so many things which aren't
> necessary on most of setups, it is just insane. For example, it
> tries to iteract with dhcp, it opens raw sockets for ARP, it
> explicitly loads 2 crypto libraries (openssl and gcrypt) using
> plugins, and so on.
>
> It has a concept of plugins. So that every feature is loaded
> separately. Which is very nice, you'd think, which lets you to
> actually configure just the stuff you really need. BUT.
>
> But once you try to disable one plugin (such as rdrand or ha or
> other stuff which produces annoying error messages on startup),
> you imediately see even more annoying message telling you that
> you shouldn't disable plugins, referring to
>
> http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
>
> wiki page.
>
> Now, this wiki page says:
>
> Many components of strongSwan have a modular design, features
> can be added or removed using a growing list of plugins.
> This allows us to keep the footprint small while adding
> new functionality.
>
> but at the same time, this page warns against disabling plugins,
> giving good reasons why this shouldn't be done.
>
> So this "plugins" feature becomes a compile-time option really.
>
> So this "plugins" feature, instead of allowing to keep the footprint
> small, actually makes footprint LARGER, -- because all the compiled
> plugins has to be loaded anyway, but when they're in modules and not
> compiled-in directly into executable, the footprint is actually
> larger.
>
> So it looks like either the plugins system needs to be revisited
> and rewritten, to actually allow to specify plugins to load in
> the config file, or whole plugins stuff is better to be removed
> entirely, always compiling everything into the main executable
> (or the library)...
>
> With this large codebase with so many optional features which are
> always enabled, a software facing network and running as root
> is a good target to compromise a system, instead of making it
> more secure.
>
This is fixed with the 5.1.1-2+splitplugins / 5.1.1-3 uploads in Debian,
where we split plugins to separate packages in order to have convenient
defaults. Future 5.1.2 versions will improve that with upstream support
for (really) modular configuration [1].
[1]: http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
Regards,
--
Yves-Alexis Perez
signature.asc
Description: Digital signature
--- End Message ---
