this post was submitted on 04 Jan 2024
-81 points (20.0% liked)
Linux
48178 readers
840 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So what? Linux Kernel has an even larger attack surface, the size of the attack surface is a moot point without examples of attacks being made
Yes, systemd modules depend on systemd, that's like complaining that a GUI application depends on X.
It doesn't, that's ridiculous, several distros don't use systemd and still have udev
If your laptop doesn't run Linux it will not run BSD since BSD has less hardware compatibility than Linux. Also BSD is a different system, you'll need to relearn a lot of things, how to enable services is just one of them, and a pretty small one at that. And Finally there are forks of systemd that work on BSD, the reason it's not used there is not technical.
Again, more attack surface does not mean anything, to add to that example most people use the precompiled kernel that comes with their distro instead of compiling a leaner one to diminish attack surface, because that's irrelevant. You could have said let's your system bloated which would be a somewhat valid point, the answer being if the person cared they would uninstall one of the alternatives, but you chose the most insignificant aspect of this, if there's a vulnerability in your computer it's 99.99999% coming from whatever you exposed in that computer, e.g. SSH, Nextcloud, etc, chances of an attack coming through systemd are so ridiculously small it's not even worth mentioning, and if ever someone discovers an escalation privilege or something similar on systemd the fact that everyone uses it will make the fix available in 24h on most major distros.
There are reasons to hate on systemd, but you didn't provided a single valid one.
Most people also don't use selinux or apparmor, compile the kernel with -ftrivial-auto-var-init=zero and verify downloaded files using pgp signatures. But it doesn't mean these things are irrelevant. Even your phone has selinux=enforced option set. Why do you think your pc is not worth it?
You went on a tangent, my point is that larger attack surface does not necessarily equate to more risk. As an example my kernel has controller support even though I have never plugged a controller to it, that grants it a larger attack surface, but does not make it less secure in any significant sense of the word. Therefore just claiming larger attack surface is not a valid criticism on it's own unless you can provide examples of actual security flaws.
There is an example: https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
If a bug that was fixed over 7 years ago is your best example of security failure in systemd I think that's proof enough that it's safe.
Compare it to vulnerabilities found in SysVinit, which was as common as systemd-init is now. There were no similar bugs, that would allow crashing an entire system just by executing a single command.
There might not have been those kinds of bugs in sysvinit itself but the shitty quality init scripts it encouraged people to write certainly had thousands of security issues.
Misconfiguration is possible in any software. It's not specific to sysvinit or systemd-init. Selinux was created to solve this.