• Systemd-init has a larger attack surface compared to runit, openrc, or sysVinit.

  • Systemd-logind relies on systemd, so we need to adapt it for non-systemD distributions to ensure compatibility with certain applications like GNOME.

  • Udev also depends on systemd.

  • SystemD is specific to Linux, which makes porting software to *BSD even more challenging. It’s uncertain what the future holds, and there may be circumstances where Linux becomes unusable for you (e.g., compatibility issues with your laptop). Having a good alternative that doesn’t require relearning everything is generally beneficial.

  • SystemD-based distributions often come with more than just “systemd-init.” They include additional components like logind, resolved, networkd, systemd-timers, etc. However, many people still prefer using the alternatives they were accustomed to before systemd became popular, such as dhcpcd and cron. Consequently, having both sets of tools installed can increase the attack surface.

  • UnsafeOP
    link
    fedilink
    arrow-up
    1
    arrow-down
    6
    ·
    edit-2
    11 months ago

    Again, more attack surface does not mean anything, to add to that example most people use the precompiled kernel that comes with their distro instead of compiling a leaner one to diminish attack surface, because that’s irrelevant.

    Most people also don’t use selinux or apparmor, compile the kernel with -ftrivial-auto-var-init=zero and verify downloaded files using pgp signatures. But it doesn’t mean these things are irrelevant. Even your phone has selinux=enforced option set. Why do you think your pc is not worth it?

    • Nibodhika@lemmy.world
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      11 months ago

      You went on a tangent, my point is that larger attack surface does not necessarily equate to more risk. As an example my kernel has controller support even though I have never plugged a controller to it, that grants it a larger attack surface, but does not make it less secure in any significant sense of the word. Therefore just claiming larger attack surface is not a valid criticism on it’s own unless you can provide examples of actual security flaws.

        • Nibodhika@lemmy.world
          link
          fedilink
          arrow-up
          8
          ·
          11 months ago

          If a bug that was fixed over 7 years ago is your best example of security failure in systemd I think that’s proof enough that it’s safe.

          • UnsafeOP
            link
            fedilink
            arrow-up
            1
            arrow-down
            6
            ·
            11 months ago

            Compare it to vulnerabilities found in SysVinit, which was as common as systemd-init is now. There were no similar bugs, that would allow crashing an entire system just by executing a single command.

            • taladar@sh.itjust.works
              link
              fedilink
              arrow-up
              10
              ·
              11 months ago

              There might not have been those kinds of bugs in sysvinit itself but the shitty quality init scripts it encouraged people to write certainly had thousands of security issues.

              • UnsafeOP
                link
                fedilink
                arrow-up
                1
                arrow-down
                7
                ·
                11 months ago

                Misconfiguration is possible in any software. It’s not specific to sysvinit or systemd-init. Selinux was created to solve this.