[Pkg-swan-devel] Bug#736758: strongswan is just too bloated

Michael Tokarev mjt at tls.msk.ru
Sun Jan 26 15:03:42 UTC 2014


Source: strongswan
Version: 5.1.0-3~bpo70+1
Severity: normal

This is not going to be a trivial bug report.

The subject says it: strongswan is just too bloated.
The default install does (or tries to do) so many things which aren't
necessary on most setups, it is just insane.  For example, it
tries to interact with dhcp, it opens raw sockets for ARP, it
explicitly loads 2 crypto libraries (openssl and gcrypt) using
plugins, and so on.

It has a concept of plugins, so that every feature is loaded
separately.  Which is very nice, you'd think, which lets you
actually configure just the stuff you really need. BUT.

But once you try to disable one plugin (such as rdrand or ha or
other stuff which produces annoying error messages on startup),
you immediately see an even more annoying message telling you that
you shouldn't disable plugins, referring to

 http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

wiki page.

Now, this wiki page says:

  Many components of strongSwan have a modular design, features
  can be added or removed using a growing list of plugins.
  This allows us to keep the footprint small while adding
  new functionality.

but at the same time, this page warns against disabling plugins,
giving good reasons why this shouldn't be done.

So this "plugins" feature becomes a compile-time option really.

So this "plugins" feature, instead of allowing to keep the footprint
small, actually makes the footprint LARGER, -- because all the compiled
plugins have to be loaded anyway, but when they're in modules and not
compiled directly into the executable, the footprint is actually
larger.

So it looks like either the plugins system needs to be revisited
and rewritten, to actually allow specifying the plugins to load in
the config file, or the whole plugins stuff is better removed
entirely, always compiling everything into the main executable
(or the library)...

With this large codebase with so many optional features which are
always enabled, software facing the network and running as root
is a good target to compromise a system, instead of making it
more secure.

Oh well.

Thanks,

/mjt

-- System Information:
Debian Release: 7.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'oldstable'), (199, 'testing'), (50, 'unstable'), (40, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-amd64 (SMP w/8 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


