systemd is destructive

millpond
Posts: 698
Joined: 2014-06-25 04:56

Re: systemd is destructive

#81 Post by millpond »

bw123 wrote:
Systemd is just another svchost app, and do we really want to discover 20 years from now that all our real attempts at system security are nothing but a joke???

I don't really care if my toaster gets hacked, or if my alarms go off at 3am. I can fix that, with an older version of Linux.

I do care if the swat teams come bashing down my door because someone in the DNC decided to use my system as a bot for their emails.
Interesting point of view, but real examples of systemd being hacked this way would be more persuasive.

The problem is that the high level of technical competence to use the exploits in open source code makes it unlikely that they would even be detected in reasonable time periods. I for one do not believe in the least that mod-heartbeat was a programmer error. Just do a little investigation, and it seems positively weird how it got into the Apache distribution.

A well designed exploit will be undetectable since it will not be different from normal system processes. With the exception that many of the best designed exploits, if they are discovered at all, often have no observable functions, and will often self destruct after a period of time. My personal guess is that they are used as capsids to inject into hardware.

All modern CPUs have special execution bits designed to enable *outside* agencies to take control of the system. The user has no access to these functions. An example of this explained is at:
https://www.youtube.com/watch?v=4kCICUPc9_8

Systemd enters into the fray, as Redhat's primary customer is the US military, and it is certainly reasonable to suppose that they would want ultimate control over their systems without operator awareness. We will never see those exploits, as they would be regarded as Top Secret. This article:
https://igurublog.wordpress.com/2014/02 ... your-life/

Mentions how Redhat and M$ software have had certain anomalies over a long period of time, that may be more than 'bad programming' - especially when such bad programming can generate overflow/race conditions that can compromise the system.

There have been plenty of security patches already issued for systemd:
/www.suse.com/support/update/announcemen ... 346-1.html

Is just one. The problem is that as the program grows within Linux, and its complexity increases, major exploits become not just probable, but apparently inevitable. Just look at Linux itself, after having suffered quite a few major embarrassments in the past few years.

Plus there is the fact that any software used by the US military would be a primary target in any international cyberwarfare as part of a pre-emptive first strike: Command, Control, Communications.

I certainly do not believe that non-systemd systems would be safe in such a scenario - only *safer*.

So, at least by current technology available to general users like us - absence of evidence is not evidence of absence.

The scary part is *trends*, which is the main objection to systemd, and similar 'technologies' that attempt to usurp the traditionally independent parts of the general system.

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: systemd is destructive

#82 Post by Head_on_a_Stick »

^ That being the case, the Linux kernel should not be used then -- RedHat contributes quite a lot of code to the kernel, no?

The kernel is far more likely to subvert the system than PID1 and contains far more lines of code in which a backdoor could be hidden.

Has anybody told the Devuan people?

:mrgreen:
deadbang

edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: systemd is destructive

#83 Post by edbarx »

Head_on_a_Stick wrote:The kernel is far more likely to subvert the system than PID1 and contains far more lines of code in which a backdoor could be hidden.
The kernel is the system. A backdoor would simply be a function that is permanently running as a thread. However, SystemD, as its name suggests, is another system that is replacing parts of "classical Linux", with "modern" parts that require tweaks by obstinate naughty users, who insist on putting themselves as rulers of their operating systems.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.

millpond
Posts: 698
Joined: 2014-06-25 04:56

Re: systemd is destructive

#84 Post by millpond »

edbarx wrote:
Head_on_a_Stick wrote:The kernel is far more likely to subvert the system than PID1 and contains far more lines of code in which a backdoor could be hidden.
The kernel is the system. A backdoor would simply be a function that is permanently running as a thread. However, SystemD, as its name suggests, is another system that is replacing parts of "classical Linux", with "modern" parts that require tweaks by obstinate naughty users, who insist on putting themselves as rulers of their operating systems.
I believe that at the core of the matter is the belief that Linux is and should remain a recognizable and *similar* port of Unix. Posix compliant in all aspects.

It's the general direction of deviating away from this backbone that is the real issue here.

I have no objection to Redhat/Ubuntu creating Lennux. It would probably even run more efficiently on desktops and widgets.

But I want Linux on my systems. I would consider BSD, but for driver issues.
I want to be able to create my own daemons and put them where I want them, and fire them up and stop them on my own terms. Sysvinit gives me those options plain and clear. I do not want them logged into some weird type of database and wotnot - that might be subject to processes I do not want.

The object of Linux is to have the power to wrest control of the system even from Linus.
Compiling one's kernel goes a long way towards this, for example.

Where are the config option files to compile systemd, and even gnome to turn stuff OFF?

It's a much bigger battle than just systemd.

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: systemd is destructive

#85 Post by Head_on_a_Stick »

edbarx wrote:A backdoor would simply be a function that is permanently running as a thread.
Actually, I was thinking of a deliberate buffer overflow or similar vulnerability.
deadbang

fsmithred
Posts: 1873
Joined: 2008-01-02 14:52

Re: systemd is destructive

#86 Post by fsmithred »

Head_on_a_Stick wrote:The kernel is far more likely to subvert the system than PID1 and contains far more lines of code in which a backdoor could be hidden.

Has anybody told the Devuan people?
The kernel team has a much better track record when it comes to fixing their own bugs and not breaking other people's stuff. And yes, the devuan folks know. I think most of them are sysadmins with lawns.

sunrat
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: systemd is destructive

#87 Post by sunrat »

fsmithred wrote:...I think most of them are sysadmins with lawns.
I didn't think lawns needed sysadmins, just water and mow every few weeks. :D
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: systemd is destructive

#88 Post by Head_on_a_Stick »

I wrote:Has anybody told the Devuan people?
I apologise for this flippant comment, I meant no disrespect to the hard-working Devuan team.
fsmithred wrote:The kernel team has a much better track record when it comes to fixing their own bugs and not breaking other people's stuff.
Even if that is true, @millpond was referring to deliberate attempts to place vulnerabilities in the code base, this would be easier to do and harder to detect [1] with the (much) larger code base in the Linux kernel rather than systemd (and also more likely to be effective).

[1] The only way to find deliberate backdoors would be a systematic audit of the code and who does that? *cough*OpenBSD*cough*
deadbang

oswaldkelso
df -h | grep > 20TiB
Posts: 1490
Joined: 2005-07-26 23:20
Location: UK
Has thanked: 1 time
Been thanked: 58 times

Re: systemd is destructive

#89 Post by oswaldkelso »

[1] The only way to find deliberate backdoors would be a systematic audit of the code and who does that? *cough*OpenBSD*cough*
While OpenBSD may be one of the more secure operating systems they do include "binary blobs" that they have no way of checking.

https://web.archive.org/web/20060603230 ... /node/6550

I like the FSF position on this. If the firmware cannot be updated in any way it's part of the hardware; if it can, it's software and needs the source to be available.

Of course that doesn't stop some trumped up leader from ordering the manufacturer to insert dodgy firmware, so even more reason to buy hardware with free firmware.
Free Software Matters
Ash init durbatulûk, ash init gimbatul,
Ash init thrakatulûk agh burzum-ishi krimpatul.
My oldest used PC: 1999 imac 333Mhz 256MB PPC abandoned by Debian

millpond
Posts: 698
Joined: 2014-06-25 04:56

Re: systemd is destructive

#90 Post by millpond »

Head_on_a_Stick wrote:
I wrote:Has anybody told the Devuan people?
I apologise for this flippant comment, I meant no disrespect to the hard-working Devuan team.
fsmithred wrote:The kernel team has a much better track record when it comes to fixing their own bugs and not breaking other people's stuff.
Even if that is true, @millpond was referring to deliberate attempts to place vulnerabilities in the code base, this would be easier to do and harder to detect [1] with the (much) larger code base in the Linux kernel rather than systemd (and also more likely to be effective).

[1] The only way to find deliberate backdoors would be a systematic audit of the code and who does that? *cough*OpenBSD*cough*
Keeping in mind that much of Unix development with networks has been funded directly, or indirectly by DARPA - I have no doubts that there are some kind of exploits well hidden in the kernel coding or else probably a commonly used module. Look at Bash, which was probably the tip of the iceberg. But I do believe that the deepest layer exploits would be the most classified, to be used only in times of 'emergency' - lest their existence come to light. They do not really bother me, as they could just as easily shut the net down.

It all comes down to a matter of who to trust: Linus or Lennart. My choice is the Finn. Lennart has a history of arrogance and even contempt for Linus himself. There is no real question that he intends the systemd project to morph into something that will challenge the kernel itself. Plus I trust Redhat about as much as I trust Microsoft. The exploits I expect to see inserted would be more military and corporate in nature. Aimed at command, control and surveillance (particularly for the military). This will be most apparent when Redhat starts to try to march us into the cloud, and at first the code will be innocuous. Execution disable bits used to prevent unauthorized access, as well as promoted as a security device against theft, and even remote repair of damaged BIOS. In a way some of the greatest threats will be hidden in plain sight.

Plus there is another aspect: look at how much software has started off 'free' and morphed into blood suckers after they have 'hooked' a user base. Do we really trust redhat that much????

swirler
Posts: 166
Joined: 2013-11-24 11:19

Re: systemd is destructive

#91 Post by swirler »

millpond wrote:(...)
Keeping in mind that much of Unix development with networks has been funded directly, or indirectly by DARPA - I have no doubts that there are some kind of exploits well hidden in the kernel coding or else probably a commonly used module. Look at Bash, which was probably the tip of the iceberg. But I do believe that the deepest layer exploits would be the most classified, to be used only in times of 'emergency' - lest their existence come to light. They do not really bother me, as they could just as easily shut the net down.(...)
And lose the wealth of information that makes the surveillance state possible in the first place, not to mention the worldwide scam known as "networked finance" ?

Segfault
Posts: 993
Joined: 2005-09-24 12:24
Has thanked: 5 times
Been thanked: 17 times

Re: systemd is destructive

#92 Post by Segfault »

Thanks for interesting links in this thread! I'm one of those weird ones who think to make informed decisions information is needed (earlier in this thread someone said information is bad for you).
Anyhow, according to this Debian never had a choice ... :roll:

dasein
Posts: 7680
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: systemd is destructive

#93 Post by dasein »

That blog piece unequivocally and egregiously misquotes and mischaracterizes the original presentation.

(Yeah, actual research is good.)

TonyVanDam
Posts: 67
Joined: 2013-05-17 19:22

Re: systemd is destructive

#94 Post by TonyVanDam »

M51 wrote:I might check out Devuan for curiosity's sake, but these days I am running more and more on my own personal distro built out of LFS (no systemd). I still use Debian for some things I haven't yet finished, but that will change soon enough.

I was lazy in allowing systemd on the machine. Since all it really had to do was host some files I figured "How could it screw that up?" Apparently the answer is: "Completely".
Excuse me for being late in this thread. There are a few Debian-based distros like MX & antiX that you can try. :)

millpond
Posts: 698
Joined: 2014-06-25 04:56

Re: systemd is destructive

#95 Post by millpond »

TonyVanDam wrote:
M51 wrote:I might check out Devuan for curiosity's sake, but these days I am running more and more on my own personal distro built out of LFS (no systemd). I still use Debian for some things I haven't yet finished, but that will change soon enough.

I was lazy in allowing systemd on the machine. Since all it really had to do was host some files I figured "How could it screw that up?" Apparently the answer is: "Completely".
Excuse me for being late in this thread. There are a few Debian-based distros like MX & antiX that you can try. :)
Worthy of consideration, certainly. But...

Do they have active forums (one of Devuan's failings)?
Do they directly interact with the Debian archives (with filters) - one of Devuan's strengths?

I need something long term, and am NOT about to reinstall from scratch every few years. But it looks like I'll be going off grid as time goes by, as a lot of the newer stuff I just compile in, bypassing Apt. (Yes I know I can add it into the database.... too lazy). (Just avoid system libs!!)

golinux
Posts: 1579
Joined: 2010-12-09 00:56
Location: not a 'buntard!
Been thanked: 1 time

Re: systemd is destructive

#96 Post by golinux »

millpond wrote:Do they have active forums (one of Devuan's failings)?
Are you aware that there is an 'alternate' Devuan forum?
May the FORK be with you!

sgage
Posts: 86
Joined: 2013-03-10 21:00
Has thanked: 1 time
Been thanked: 2 times

Re: systemd is destructive

#97 Post by sgage »

I am finding Devuan to be very good, very solid. I've been using Devuan 'jessie' as my daily driver for a couple of months now (I use the MATE environment), but have used Devuan 'ascii' (basically equivalent to stretch) quite a bit, and it is very solid and shaping up nicely. I definitely recommend Devuan if you want to get away from systemd.

Yes, things can seem slow on the site/discourse/forum, but if you post something there, people are on it, then it's not so slow :) I find myself wishing I was able to help more. I have been contributing as I am able.

If the whole systemd thing really bugs you, as it does me, you should check out devuan.org...

millpond
Posts: 698
Joined: 2014-06-25 04:56

Re: systemd is destructive

#98 Post by millpond »

golinux wrote:
millpond wrote:Do they have active forums (one of Devuan's failings)?
Are you aware that there is an 'alternate' Devuan forum?
Must be new.

Bookmarked.

Devuan Jessie is running fine on 64 bit (fresh install).
It's a little unstable on the 32 bit updated Jessie system, however, but not bad. Still very usable.

I'll be by soon...

anticapitalista
Posts: 428
Joined: 2007-12-14 23:16
Has thanked: 12 times
Been thanked: 13 times

Re: systemd is destructive

#99 Post by anticapitalista »

sgage wrote: ... but have used Devuan 'ascii' (basically equivalent to stretch) quite a bit, and it is very solid and shaping up nicely. I definitely recommend Devuan if you want to get away from systemd.
Is it really equivalent to stretch? Last I looked (admittedly several months back), most of the apps in Devuan ascii were well behind Debian stretch.
antiX with runit - lean and mean.
https://antixlinux.com

golinux
Posts: 1579
Joined: 2010-12-09 00:56
Location: not a 'buntard!
Been thanked: 1 time

Re: systemd is destructive

#100 Post by golinux »

millpond wrote:
golinux wrote:Are you aware that there is an 'alternate' Devuan forum?
Must be new.
We got up and running the end of November. IRC is still the most active meeting place.
millpond wrote:I'll be by soon...
See ya there!
Last edited by golinux on 2017-02-10 15:18, edited 1 time in total.
May the FORK be with you!
