How to avoid stealth installation of systemd?

Here you can discuss every aspect of Debian. Note: not for support requests!
edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: How to avoid stealth installation of systemd?

#41 Post by edbarx »

@ adenukolnis ( meandean's ghost? )
Destabilise and brainwash, that is your 'contribution'. You think, you can control me? Your attitude is one belonging to pre-World War II.

I pity you.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#42 Post by timbgo »

adenukolnis wrote:
edbarx wrote:Discontent ....... will inevitably motivate those who can create alternatives to code new solutions.
Isn't that how we got systemd?
Wrong!
But edbarx leave it. If it is intentional denigration (I can't judge, don't know), it vanishes with good things that shine, which you do.

The focus of ours here should be on returning the option of freedom from systemd and friends for the users.
Common good.
Myself, after seeing that the following on my Grsecurity Tip has surged significantly, although I am risking time to do it, from other things, I have decided to try and do for non-systemd-Debian.

But one at a time, go these things in my Debian updating ways.

I just fixed an inconsistency in:
https://github.com/miroR/jigdo-automate-scripts
and tried to make it more friendly to newbies.
And am using it to download jigdo DVDs.

edbarx, is that the jessie you were talking about? From testing branch like my jigdo-automate-scripts ?

If so, once I download it, and it will take time, I'm only yet at debian-testing-amd64-DVD-2.iso, last update a month and a half ago (like in the README:
https://github.com/miroR/jigdo-automate ... ter/README
that is: Jul 22 13:17 )
then the next thing is the Grsec patched kernel, and upload it on http://www.croatiafidelis.hr/gnu/deb/, and then...

This is what I feel I need to do (I'll try hard to):
then, with my insufficient knowledge of Debian, I'll try and follow what you suggest, and what originally probably Vitaly suggested, long ago now.

And I believe I should try and do it in the System configuration section, because then it won't be just discussion, but real work. I guess.

I'd like to show step by step, so others can do it, how to uninstall systemd and live without it.
Much later, maybe in the evening or later on, tomorrow, this is lots of work, on a slow machine like mine, on top of the slow connection.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: How to avoid stealth installation of systemd?

#43 Post by edbarx »

timbgo, denigration will not affect me. It is a well known fact that some still use the psychological control strategy of destabilise and brainwash when they have no arguments. If the poster wants attention, he has to seek it in civilised ways.

Attempts at psychological control will not work.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#44 Post by timbgo »

You didn't notice my question there, edbarx. I guess it was just oversight.
Never mind.

But can I tell you what I really fear is happening with these strange transitions such as systemd?
I mean what I fear for me, and for anyone else, when these not-in-the-spirit-of-GNU changes take most of the distros? What I think is the danger we are facing?

Right now I'm online, and I just don't anymore feel safe. Do you want me to tell you why, as far as I see and understand it, however imperfectly that I do?

M.R.

edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: How to avoid stealth installation of systemd?

#45 Post by edbarx »

timbgo wrote:You didn't notice my question there, edbarx. I guess it was just oversight.
Never mind.
The main problem with systemd is the same one afflicting proprietary products whatever they happen to be. It is control by corporate bodies in an attempt to appease their customers to maximize their profits. However, this unwelcome control goes against the spirit of GNU/Linux where lock-ins were a blasphemy a few years back.

GNU/Linux should be an ecosystem where freedom is what empowers innovations. Software lock-ins are diametrically opposite and attempt to streamline software. This means, diversity and choice will suffer.

It is not a question of rejecting systemd but rather a question of rejecting its attempt at creating lock-ins. systemd may have its place in newbie friendly distributions as it tries to integrate the system. However, this should not be done at the expense of killing diversity and choice.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#46 Post by timbgo »

I enjoy reading your lines. That's a very accurate description of the state of GNU/Linux and the perils we face as free community.

But there is more.

Tell me, you, edbarx, or other readers, what is there to derive from:

False Boundaries and Arbitrary Code Execution
https://forums.grsecurity.net/viewtopic.php?f=7&t=2522

Don't miss to take notice, if you skim through there, lines like "backdooring a system" and such.

M.R.

edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: How to avoid stealth installation of systemd?

#47 Post by edbarx »

As I see it, security is a never ending battle. The level of security of a system also depends on the purpose of the system and what data that system holds. This is how experts on security view it which is more than logical. If you want to lift 1000 Kgs a vertical height of 10 stories, you don't hire a crane that can lift 300 tons.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#48 Post by timbgo »

Yeah, well... I don't reckon users' privacy unimportant.

I was reading a few days ago a fine, unmaintained but historical short series of articles by Daniel Robbins, the man who started Gentoo, but is not anymore the leader.

Here's the article:
OpenSSH key management, Part 1
http://www.gentoo.org/doc/en/articles/o ... ent-p1.xml
and it's easy to find the remaining parts 2 and 3, links at the bottom.

Sadly, oldish as I am, I would now need to reread it to have fresh arguments in mind...

Never mind. I can offer what I do find amazing about him (what I wonder is how could he have, it appears, left Gentoo in some harder times, and spent time with Microsoft?...)... But what I find amazing about him is how he admits when things go wrong in a program of his.

Find on Part 3:
http://www.gentoo.org/doc/en/articles/o ... ent-p3.xml
Daniel Robbins wrote: I received an e-mail from Charles Karney of Sarnoff Corporation, who politely informed me of OpenSSH's new authentication agent forwarding abilities, which we'll take a look at in a bit. In addition, Charles emphasized that running ssh-agent on untrusted machines is quite dangerous: if someone manages to get root access on the system, then your decrypted keys can be extracted from ssh-agent. Even though extracting the keys would be somewhat difficult, it is within the skill of professional crackers. And the mere fact that private key theft is possible means that we should take steps to guard against it happening in the first place.
and an interested reader can read more there.

On the other hand, when, back then, that is quite a few days ago actually, last month, when I was looking into keychain and things, I was surprised to find it used by dbus.

This is currently running on my system, this one that I connect to internet with:

Code:

$ ps aux | grep ssh
root      2184  0.0  0.0  54976  1004 ?        Ss   Sep06   0:00 /usr/sbin/sshd
mr        2447  0.0  0.0  10592    32 ?        Ss   Sep06   0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session x-session-manager
mr       15141  0.0  0.0  19980  1796 pts/9    S+   21:48   0:00 grep ssh
mr@naibd6:/Cmn/mr$
And this is not something I installed, but probably a dbus "requirement"...

I doubt that a user can get a completely truthful explanation so easily, publicly, on why this is needed, what it does, and the rest. Not such an open explanation like in Daniel's article.
M.R.
Last edited by timbgo on 2014-09-08 21:20, edited 2 times in total.

edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: How to avoid stealth installation of systemd?

#49 Post by edbarx »

Actually, privacy is sacrosanct, let alone it being unimportant.

What I said means that security measures have to be in proportion with the purpose of the machine. On my home computer, I have arno-iptables-firewall, privoxy, adblock plus and no-script installed. I also clear cookies every session automatically. With this, still some websites refuse to give me access because of my 'stringent' security. A shining example is disqus.com. I think disqus thinks my system is used for cracking although I never did anything of the sort. I remember another website that refused me access: comcast.com.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#50 Post by timbgo »

Maybe I worry too much, but given the easiness an expert can own your system today, because of the treason, yes, allowing such hooks into the kernel is Linus' own treason on the users of his kernel...

What did he think? That no one would read out what that software architecture that goes by the name linux capabilities is for, apart from what it is on the surface?

I thank whom you name (us Christians, and Muslims and other religions, thank God), but if you want me to, I thank the god GNU, if you want, for the fact that such honesty is there in such genius, Brad Spender Spengler, which is maybe the sole match to Linus Torvalds in among the known security experts, for us the general GNU/Linux population, to have that article available for reading.

To me that is one of the most important revelations in computing ever!

Go read it again, whoever is reading this post. There's so much in there!

And couple that with the fact that dbus, which is part of poetteringware architecture, uses ssh-agent for some arcane purposes... Which purposes? ssh is for encryption, and I am allowed to encrypt things in my computer... Only me.

But dbus, consolekit (which may have gone away, replaced with same functionality in systemd itself, whatever)... and such stuff... Uh-uh! I don't like them encrypting, because such programs are done for multiple "seats" (that is their terminology). That is, not just the user sitting at his computer, but other "seats" as well!

I'm scared. Scared for losing my privacy in my own computer.

This is not off topic. Systemd is there for such purposes as I claim above. The plutocracy few people who started those false GNU projects, that can go by the name poetteringware just fine, the unknown to the public small bunch supported by a multitude who care solely/predominantly/sufficiently for their interests more than for the common interest (which, the common good, the GNU was all about since its inception, the freedom and the common good)...

Those tiny fraction of the one percent kind of people who got these projects going, through corporate capital, and with that huge support they are getting from people who care for common good from too little to up to being able to outright easily sell their neighbor, let alone common good!...

...They are taking away all the freedom and common good away from our GNU/Linuces...

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#51 Post by timbgo »

How can systemd be uninstalled?
http://forums.debian.net/viewtopic.php?f=5&t=117276

I need some help there (will be useful to others in similar circumstances: many)

Miroslav Rovis
Zagreb, Croatia
www.CroatiaFidelis.hr

edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: How to avoid stealth installation of systemd?

#52 Post by edbarx »

For those who want to remove systemd, it can be removed but there is an outstanding bug that prevents the complete setup of sysvinit. The approach is to:
a) first install sysvinit and sysvinit-core
b) reboot and remove systemd. I tried to explicitly pass init=/sbin/init to the kernel without success.
c) reboot to start using sysvinit and reinstall both packages to correct any errors.
d) search for any remaining systemd fragments.

Do not forget to update your system before doing this.

adenukolnis
Posts: 459
Joined: 2012-02-24 18:36

Re: How to avoid stealth installation of systemd?

#53 Post by adenukolnis »

edbarx wrote:... there is an outstanding bug that prevents the complete setup of sysvinit.

Has it been reported? Do you have a link to the report?

I do not recall having any problems whatsoever. In fact I repeatedly installed/removed both of them and had no issues. Then again I do not have anything on my system that relies on any systemd packages so that would probably make things go a bit smoother.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#54 Post by timbgo »

I thought I was doing the right thing posting the hands-on question in the System configuration... I still think so.
So guys, I hope you don't mind if I quote your suggestions there, not here.
M.R.

goulo
Posts: 47
Joined: 2012-01-19 09:52

Re: How to avoid stealth installation of systemd?

#55 Post by goulo »

Just to sanity-check - if you remove all libsystemd* files, then you're necessarily giving up dbus, policykit, and various other stuff which (in my limited understanding) depend on them and are pretty commonly considered "essential" even for those using a light WM or desktop like LXDE instead of Gnome or other heavy desktops directly requiring systemd, right?

I'm trying to research just how necessary/unnecessary dbus is.
The music/video player VLC seems to depend on it, for example (but see https://stackoverflow.com/questions/216 ... c-needs-it )

aptitude -s remove dbus on my system shows various stuff depending on it, e.g. inkscape, midori, aeskulap

And in a bsd forum there was this discussion suggesting that some "normal" desktop stuff might work wonkily without dbus:
https://forums.freebsd.org/viewtopic.php?&t=24589

...or am I misunderstanding something?

Concretely, I see that I currently have installed these 3 libsystemd files:
ii libsystemd-id128-0:i386 208-8 i386 systemd 128 bit ID utility library
ii libsystemd-journal0:i386 208-8 i386 systemd journal utility library
ii libsystemd-login0:i386 208-8 i386 systemd login utility library
which all show a maze of things depending on them...

edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: How to avoid stealth installation of systemd?

#56 Post by edbarx »

adenukolnis wrote:
edbarx wrote:... there is an outstanding bug that prevents the complete setup of sysvinit.

Has it been reported? Do you have a link to the report?
It was reported just after I invoked apt-get install sysvinit-core sysvinit by apt-listbugs.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#57 Post by timbgo »

edbarx wrote:
adenukolnis wrote:
edbarx wrote:... there is an outstanding bug that prevents the complete setup of sysvinit.

Has it been reported? Do you have a link to the report?
It was reported just after I invoked apt-get install sysvinit-core sysvinit by apt-listbugs.
And is there a link, for the not-so-Debian-ways-initiated like me?
goulo wrote:Just to sanity-check - if you remove all libsystemd* files, then you're necessarily giving up dbus, policykit, and various other stuff
which is exactly the poetteringware stuff.
Ummh, how I'd like to live without those! I managed to get rid of those in Gentoo:
Uninstalling dbus and *kits (to Unfacilitate Remote Seats)
https://forums.gentoo.org/viewtopic-t-992146.html

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

adenukolnis
Posts: 459
Joined: 2012-02-24 18:36

Re: How to avoid stealth installation of systemd?

#58 Post by adenukolnis »

goulo wrote:Just to sanity-check - if you remove all libsystemd* files, then you're necessarily giving up dbus, policykit, and various other stuff
That sounds about right. Obviously each case will be different, especially in regards to various other stuff

goulo wrote:which (in my limited understanding) depend on them and are pretty commonly considered "essential" even for those using a light WM or desktop like LXDE instead of Gnome or other heavy desktops directly requiring systemd, right?
I do not know what others consider essential.

goulo wrote:...or am I misunderstanding something?
You do not seem to be.

goulo wrote:Concretely, I see that I currently have installed these 3 libsystemd files:
ii libsystemd-id128-0:i386 208-8 i386 systemd 128 bit ID utility library
ii libsystemd-journal0:i386 208-8 i386 systemd journal utility library
ii libsystemd-login0:i386 208-8 i386 systemd login utility library
which all show a maze of things depending on them...
Correct. Those are the parts that a LOT of stuff depends on. None of those is systemd the init system. So you can have those and still not be using systemd as the init system.
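
Added example, not part of any post in this thread: a small shell audit for step d) of the removal procedure in #52 that also separates the libsystemd* libraries from systemd acting as init, the distinction made in #58. The sample listing is constructed (the three libsystemd rows follow #55; the other rows and the class names are assumptions of this example), and it assumes an installed systemd-sysv package is what makes systemd provide /sbin/init.

```shell
#!/bin/sh
# Added example: sort systemd-related rows of `dpkg -l` output into classes.
# The class names are this example's own labels, not Debian terminology.

# Constructed sample in `dpkg -l` layout. The libsystemd rows mirror post #55;
# the "rc" row and the sysvinit-core row (placeholder version) are invented.
sample_listing() {
    cat <<'EOF'
ii  libsystemd-id128-0:i386  208-8       i386  systemd 128 bit ID utility library
ii  libsystemd-journal0:i386 208-8       i386  systemd journal utility library
ii  libsystemd-login0:i386   208-8       i386  systemd login utility library
ii  sysvinit-core            0.0-sample  i386  System-V-like init utilities
rc  systemd                  208-8       i386  system and service manager
EOF
}

# Reads `dpkg -l`-style rows on stdin and prints "<class> <package>" for every
# row that relates to systemd. Header rows and unrelated packages are skipped.
classify_systemd_pkgs() {
    awk '
        { name = $2; sub(/:.*/, "", name) }     # drop ":i386" style arch suffix
        # "rc" = package removed, configuration files still on disk
        $1 == "rc" && name ~ /systemd/ { print "leftover-config", name; next }
        $1 != "ii" { next }                     # only fully installed packages
        name == "systemd-sysv"  { print "init-provider", name; next }
        name == "systemd"       { print "daemon", name; next }
        name ~ /^libsystemd/    { print "library", name; next }
        name ~ /systemd/        { print "integration", name }
    '
}

# Exit status 0 when the listing shows systemd installed as the init system
# (assumption: systemd-sysv is the package that supplies /sbin/init).
systemd_is_init() {
    classify_systemd_pkgs | grep -q '^init-provider '
}

# Demonstration on the constructed sample.
sample_listing | classify_systemd_pkgs
if sample_listing | systemd_is_init; then
    echo "systemd is set up as init"
else
    echo "systemd libraries/leftovers present, but it is not the init system"
fi
```

On a real host, pipe `dpkg -l` into `classify_systemd_pkgs` instead of the sample.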

goulo
Posts: 47
Joined: 2012-01-19 09:52

Re: How to avoid stealth installation of systemd?

#59 Post by goulo »

OK, thanks for the confirmation, guys.

adenukolnis
Posts: 459
Joined: 2012-02-24 18:36

Re: How to avoid stealth installation of systemd?

#60 Post by adenukolnis »

goulo wrote:Just to sanity-check - if you remove all libsystemd* files, then you're necessarily giving up dbus, policykit, and various other stuff which (in my limited understanding) depend on them and are pretty commonly considered "essential" even for those using a light WM or desktop like LXDE instead of Gnome or other heavy desktops directly requiring systemd, right?
working on a list of software that doesn't depend on any systemd software
http://www.debianuserforums.org/viewtop ... =11&t=3014
