this post was submitted on 30 Apr 2024
324 points (95.8% liked)

Linux

48323 readers
1017 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 185 points 6 months ago (4 children)

What you're refering to as Linux, is in fact, Systemd/Linux, or as I've recently taken to calling it, Systemd + Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning Systemd system made useful by the Systemd corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX

[–] [email protected] 32 points 6 months ago
load more comments (3 replies)
[–] [email protected] 117 points 6 months ago (22 children)

When does systemd stop? Linux without it is increasingly looking unlikely in the future. Are we not worried about it being a single point of failure and attack vector?

This isn't a moan about the unix philosophy btw, but a genuine curiosity about how we split responsibilities in todays linux environment.

[–] [email protected] 168 points 6 months ago* (last edited 6 months ago) (11 children)

SystemD will consume the entirety of Linux, bit by bit.

  • In 2032, SystemD announces they're going to be introducing a new way to manage software on Linux
  • In 2035, SystemD will announce they're making a display system to replace the ageing Wayland
  • In 2038, the SystemD team announces they're making their own desktop environment
  • In 2039 SystemD's codebase has grown to sixteen times its size in the 2020s. SystemD's announces they're going to release replacements for most other packages and ship their own vanilla distro.
  • In 2045 SystemD's distro has become the standard Linux distribution. Most other distros have quietly faded away.
  • In 2047, SystemD announces they're going to incorporate most of GNU into SystemD. Outrage ensues from the Free Software Foundation, which vehemently opposes this move.
  • In 2048, Richard Stallman dies of a heart attack after attempting to clone SystemD's git repo. SystemD engages in a hostile takeover and all resistance within the FSF crumbles
  • In 2050, SystemD buys the struggling RedHat from IBM for $61 million.
  • In 2053, most world governments have been pressured into using SystemD.
  • In 2054, Linus Torvalds, fearing for his life, begins negotiations to merge kernel development into SystemD
  • In 2056, the final message on the Linux kernel development mailing list is sent.
  • In 2058, Torvalds dies under suspicious circumstances after his brand-new laptop battery explodes.
  • In 2060, SystemD agents assassinate the CEO of Microsoft.
  • In 2063, after immense pressure from SystemD-controlled human rights organisations, Arch developers discontinue development.
  • In 2064, the remaining living Debian developers release the next stable version of their clandestine and highly illegal distro.
[–] [email protected] 36 points 6 months ago (1 children)

I think you might want to recheck the ages of some of the people in your timeline, most of them aren't that young anymore.

load more comments (1 replies)
[–] [email protected] 20 points 6 months ago (7 children)

Debian already uses systemd.

load more comments (7 replies)
load more comments (9 replies)
[–] [email protected] 49 points 6 months ago (1 children)

When does systemd stop?

"systemd announces a repleacement module for the kernel"

[–] [email protected] 25 points 6 months ago
[–] [email protected] 39 points 6 months ago (1 children)

By this logic the Linux kernel is also a single point of failure and attack vector.

sudo isn't going away, so does doas. run0 is just another alternative to use or not.

There are still distribution out there without systemd and if there ever won't be any systemd-free distributions left and systemd would become a critical part of the Linux ecosystem, then it would get the same treatment as the Linux kernel with many professional maintainers.

load more comments (1 replies)
load more comments (19 replies)
[–] [email protected] 104 points 6 months ago* (last edited 6 months ago) (21 children)

Soon we will have to call it GNU/systemd/Linux

[–] [email protected] 48 points 6 months ago (1 children)

Nah. Replacing the kernel is probably planned for the next point release - it'll just be GNU/systemd

load more comments (1 replies)
[–] [email protected] 24 points 6 months ago* (last edited 6 months ago) (1 children)

I mean it should kind of already be something like GNU/SystemD/X11/PipeWire/Linux, I guess.

It's not like the GNU utils are the only massive integral part of the OS. I think GNU/Linux caught on squarely because many people follow Stallman, and that's how he wants people to refer to it.

load more comments (1 replies)
load more comments (19 replies)
[–] [email protected] 72 points 6 months ago (3 children)

It's still missing core functionality for an init system, like a display server protocol, compositor, desktop environment and web browser smh.

[–] [email protected] 29 points 6 months ago (1 children)
load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 57 points 6 months ago (1 children)

Not that I'm opposed to a better sudo alternatives, but I find it rather ironic that one of the reason stated is the large attack surface, considering systemd is a massive attack surface already.

[–] [email protected] 21 points 6 months ago* (last edited 6 months ago) (3 children)

This isn't exactly a "new" attack surface, so removing the attack surface that sudo (and alternatives) is, is probably a net positive.

load more comments (3 replies)
[–] [email protected] 53 points 6 months ago

feature creep

[–] [email protected] 46 points 6 months ago (1 children)

I'm no Linux expert, but I've never had any problems with sudo, it just works. Shouldn't systemd have higher priorities on their mind? This feels like change for the sake of change. And if this does happen, I sincerely hope that it just works, like sudo.

[–] [email protected] 40 points 6 months ago (1 children)

I think the article (or more Lennart Poertting post) explains it quite nicely. The problem with sudo is that the sudo binary itself has the ability to gane elevated privileges which is a potential attack surface

load more comments (1 replies)
[–] [email protected] 46 points 6 months ago (6 children)

Oh, it's gonna use polkit. Sudo bloat is a grain of sand compared to polkit.

Why people want to replace sudo with polkit? Visudo is no near as obscure as configuring polkit.

I hope distro maintainers don't follow this.

load more comments (6 replies)
[–] [email protected] 45 points 6 months ago (3 children)

There's a rewrite of sudo happening in rust, but he wants to throw out the SUID idea altogether?

when invoked under the “run0” name (via a symlink) it behaves a lot like a sudo clone. But with one key difference: it’s not in fact SUID. Instead it just asks the service manager to invoke a command or shell under the target user’s UID. It allocates a new PTY for that, and then shovels data back and forth from the originating TTY and this PTY.

That sounds like opening up the door to what windows is doing UAC and the wonderful vulnerability that the GOG Launcher had for privilege escalation.

I'm not a security researcher, but giving arbitrary users the ability to tel PID 1 to run a binary of the user's choosing is... probably not what Pottering is suggesting, but opens up to such vulnerabilities. And if it's written in C/C++ my trust is further reduced.

Anti Commercial-AI license

load more comments (3 replies)
[–] [email protected] 45 points 6 months ago (9 children)

sudo is already an optional component (yes, really—I don't have it installed). Don't want its attack surface? You can stick with su and its attack surface instead. Either is going to be smaller than systemd's.

systemd's feature creep is only surpassed by that of emacs.

[–] [email protected] 27 points 6 months ago (2 children)

systemd's feature creep is only surpassed by that of emacs.

Tomorrow's headline: emacs wants to expand to include a Sudo replacement

load more comments (2 replies)
load more comments (8 replies)
[–] [email protected] 40 points 6 months ago (5 children)

A lot (and I mean a lot) of criticism can be leveled at systemD. One of the upsides of it becoming popular is the standardization of much of things from the developers' perspective. It's easier to target multiple distros when you can rely on systemD's single implementation of the feature. Over the next decade, I forsee systemD eating more and more of the userspace, until you are only left with managing the differences between DEs and which display server they are using. We're already headed towards immutable base systems with apps shipping with their own dependencies, which we reduce the differences between distros even further.

load more comments (5 replies)
[–] [email protected] 39 points 6 months ago (16 children)

This is great. Not having the attack surface of sudo (and not even being a SUID binary) certainly are great additions.

And I hope people realize that systemd is not one large thing, but a (large) collection of tools.

[–] [email protected] 31 points 6 months ago (2 children)

The attack surface will be a systemd daemon running with UID=0 instead, because how else are you going to hand out root privileges?

So it doesn't really change anything to the attack surface, it just moves it to a different location.

load more comments (2 replies)
load more comments (15 replies)
[–] [email protected] 36 points 6 months ago

So I don't even use systemd myself I run OpenRC. Yet honestly I find the idea quite intriguing, having the service manager (PID 1) invoke the command seems like a cool idea to me.

It's not really a sudo alternative as much as it is another way of doing something similar.

[–] [email protected] 36 points 6 months ago (4 children)

Surprised people aren't moaning about systemd being too big already and still wanting to do more.

[–] [email protected] 29 points 6 months ago (2 children)
load more comments (2 replies)
load more comments (3 replies)
[–] [email protected] 35 points 6 months ago

I honestly started out not liking systemd at all, mostly due to the reports that it did waaay to much, but nowadays, I like the concept.

It is basically officially moving daemon management from a script-based approach to a table/database-based approach. That improves static analyzability, therefore increasing clarity, and probably even performance.

I agree that we should abandon scripts and move towards declarative software management, and abandoning sudo for a more declarative system seems like a good step to me.

[–] [email protected] 35 points 6 months ago (7 children)

How does systemd-run/run0 handle what /etc/sudoers currently does?

I'm disappointed in how little technical discussion there is in this thread.

load more comments (7 replies)
[–] [email protected] 29 points 6 months ago (1 children)
load more comments (1 replies)
[–] [email protected] 27 points 6 months ago (1 children)

The meme is becoming a reality. Systemd really is going to try to be everything lmao

[–] [email protected] 20 points 6 months ago

AlwaysHasBeen.jpg

[–] [email protected] 27 points 6 months ago (21 children)

But for why (I'm commenting this before reading) wouldn't it make more sense to home I'm the scope of systemd so it can be easier to maintain? Why have it do everything?

[–] [email protected] 29 points 6 months ago* (last edited 6 months ago) (4 children)

systemd is more of a set of products and software components branded under a single name rather than a single thing.
systemd itself is rather simple, as most other pieces systemd-* software, like systemd-boot, systemd-networkd and systemd-resolvd. these are usually more stable and less bloated than more popular alternatives

load more comments (4 replies)
load more comments (20 replies)
[–] [email protected] 25 points 6 months ago* (last edited 6 months ago)

Well... Poettering will eventually work his way up to browser engines and then we'll get something efficient... Here's the announcement:

"There's a new component in systemd, called "engined". Or actually, it's not a new component, it's actually the long existing "WebKit" engine now done properly. The engine is also a lot more fun to use than "WebKit" or "Blink" because you can finally have hundreds of tabs open in your browser without running out of RAM.

Coming soon in Coming for systemd 981.

[–] [email protected] 22 points 6 months ago

I'm not surprised. Not surprised at all. (scope creep)

[–] [email protected] 19 points 6 months ago* (last edited 6 months ago)

new sudo vulnerabilities? how exciting!

E: read the article, I guess that is part of the reason for the proposal. interesting

load more comments
view more: next ›