Arguments against systemd

From Without Systemd
(Difference between revisions)
(Poor design: fix dead link)
(CVEs: add CVE-2019-6454)
(11 intermediate revisions by 5 users not shown)
Line 59: Line 59:
 
** [https://www.cvedetails.com/cve/CVE-2015-1344/ The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions] CVSS 7.2
 
** [https://www.cvedetails.com/cve/CVE-2015-1344/ The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions] CVSS 7.2
 
* [https://latesthackingnews.com/2017/06/29/a-systemd-vulnerability-allows-attackers-hack-linux-machines-via-malicious-dns-response/ systemd vulnerability allows attackers to hack Linux machines via malicious DNS response]<br>
 
* [https://latesthackingnews.com/2017/06/29/a-systemd-vulnerability-allows-attackers-hack-linux-machines-via-malicious-dns-response/ systemd vulnerability allows attackers to hack Linux machines via malicious DNS response]<br>
  +
* [https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/ Remote code execution via DHCPv6]
  +
* [https://www.qualys.com/2019/01/09/system-down/system-down.txt System Down: several vulnerabilities in systemd-journald] [https://www.theregister.co.uk/2019/01/10/systemd_bugs_qualys/ The Register article on same]
  +
  +
=== CVEs ===
  +
  +
[https://security-tracker.debian.org/tracker/source-package/systemd Debian tracker]
  +
  +
* [https://seclists.org/oss-sec/2019/q1/140 CVE-2019-6454] systemd (PID1) crash with specially crafted D-Bus message [https://usn.ubuntu.com/3891-1/ USN-3891-1]
  +
* [https://security-tracker.debian.org/tracker/CVE-2018-16866 CVE-2018-16866] information leak, out-of-bounds read
  +
* [https://security-tracker.debian.org/tracker/CVE-2018-16865 CVE-2018-16865] memory corruption
  +
* [https://security-tracker.debian.org/tracker/CVE-2018-16864 CVE-2018-16864] memory corruption
  +
* [https://nvd.nist.gov/vuln/detail/CVE-2018-15688 CVE-2018-15688] buffer overflow in the dhcp6 client
  +
* [https://nvd.nist.gov/vuln/detail/CVE-2018-15687 CVE-2018-15687] set arbitrary permissions on arbitrary files
  +
* [https://security-tracker.debian.org/tracker/CVE-2018-15686 CVE-2018-15686] potential root privilege escalation
  +
* [https://nvd.nist.gov/vuln/detail/CVE-2018-6954 CVE-2018-6954] obtain ownership of arbitrary files
  +
* [https://security-tracker.debian.org/tracker/CVE-2018-1049 CVE-2018-1049]
  +
* [https://security-tracker.debian.org/tracker/CVE-2017-1000082 CVE-2017-1000082] parsing error leads to root privilege escalation
  +
* [https://nvd.nist.gov/vuln/detail/CVE-2017-9217 CVE-2017-9217]
   
 
== Absurd bugs and responses ==
 
== Absurd bugs and responses ==
   
  +
* [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739593#54 Debian#739593] systemd makes / shared by default, poettering suggest to not patch this, because you'll broke a lot of containers
 
* [https://bugs.freedesktop.org/show_bug.cgi?id=74589 freedesktop#74589] Unchecked null pointer dereferencing in PID 1 not considered a serious issue.
 
* [https://bugs.freedesktop.org/show_bug.cgi?id=74589 freedesktop#74589] Unchecked null pointer dereferencing in PID 1 not considered a serious issue.
 
* [https://bugzilla.opensuse.org/show_bug.cgi?id=918226 openSUSE#918226] systemd segfaults after updating from 208-23.3 to 208-28.1
 
* [https://bugzilla.opensuse.org/show_bug.cgi?id=918226 openSUSE#918226] systemd segfaults after updating from 208-23.3 to 208-28.1
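Review bot: the two new entries for CVE-2018-1049 and CVE-2017-9217 carry no impact summary, unlike every other line in the added list; add the one-liner from the linked Debian tracker / NVD page (e.g. `* [https://security-tracker.debian.org/tracker/CVE-2018-1049 CVE-2018-1049] <what it affects>`) so readers can triage without clicking through. A short lead sentence under the new `=== CVEs ===` heading saying these are systemd's own CVEs would also help, since the unchanged context above the hunk lists CVE-2015-1344 in LXCFS, which is not a systemd CVE.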
Line 70: Line 89:
 
* [https://github.com/systemd/systemd/issues/5644 GitHub#5644] tmpfiles: R! /dir/.* destroys root, also see [https://www.preining.info/blog/2017/04/systemd-again/ systemd again (or how to obliterate your system)]
 
* [https://github.com/systemd/systemd/issues/5644 GitHub#5644] tmpfiles: R! /dir/.* destroys root, also see [https://www.preining.info/blog/2017/04/systemd-again/ systemd again (or how to obliterate your system)]
 
* [https://github.com/systemd/systemd/issues/6237 GitHub#6237] systemd can't handle the process previlege that belongs to user name startswith number, such as 0day
 
* [https://github.com/systemd/systemd/issues/6237 GitHub#6237] systemd can't handle the process previlege that belongs to user name startswith number, such as 0day
  +
* [https://github.com/systemd/systemd/issues/2039 GitHub#2039] Default value of RemoveIPC doensn't allow to use third party daemons. -- "This is an issue tracker, not a support forum."
  +
* [https://github.com/systemd/systemd/issues/8596 GitHub#8596] [https://bugzilla.redhat.com/show_bug.cgi?id=1494014 redhat#1494014] systemd incorrectly unmounts a reused mount point after a device removal / systemd automatically unmounts filesystem mounted using "mount <mountpoint>" command
  +
* [https://github.com/systemd/systemd/issues/9602 Github#9602] systemd won't allow the system to start if the system is configured correctly (/etc/localtime as a symlink) (you can even use systemd's tool to configure it!)
   
 
Missing bug report link:
 
Missing bug report link:
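Review bot: the added GitHub#2039 line has a typo ("doensn't") and its summary does not say what the default breaks; reword it along the lines of "Default value of RemoveIPC breaks third-party daemons running under a user account" and keep the quoted maintainer reply. The added issue 9602 line writes "Github#9602" while the rest of the list uses "GitHub#", and its two nested parentheticals read awkwardly; something like "systemd won't boot when /etc/localtime is a symlink, which is the configuration systemd's own tool produces" says the same thing in one clause.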
Line 105: Line 127:
 
== See also ==
 
== See also ==
   
* [[Wikipedia:systemd]]
+
* [[List of systemd-critical webpages]]
* [[List of blog posts]]
+
* [[List of systemd-critical webpages (non-English)]]
* [[Non-English and multimedia presentations (external links)]]
 
* [[boycottsystemd.org]] (internal copy as actual site went offline)
 
* [https://suckless.org/sucks/systemd suckless.org - systemd is the best example of Suck]
 
 
Forum posts and discussions:
 
 
* [https://forums.bunsenlabs.org/viewtopic.php?id=4346 Fast boot?] in-the-wild discussion (workarounding slow OOTB systemd boot) "Performance tuning the boot process"
 
* [http://forums.debian.net/viewtopic.php?f=20&t=120652&p=570371 Combatting revisionist history]
 
 
Other links:
 
 
* [https://jdebp.eu/FGA/run-scripts-and-service-units-side-by-side.html A side-by-side look at run scripts and service units]
 
* [https://sysdfree.wordpress.com/ blogsite: systemd-free linux community]
 
* [https://pwnies.com/winners/#lamestvendor PwnieAwards 2017 - Lamest Vendor Response goes to Lennart Poettering for systemd] [https://twitter.com/dalmoz_/status/890397041674911745/photo/1 tweet]
 
* [http://pappp.net/?p=969 PAPPP's ramblings - Linux Future (how systemd is not like Unix)]
 
* [https://github.com/coreos/rkt/issues/576 GitHub#576 - systemd requiring CAP_SYS_ADMIN weakening container safety in coreOS/rkt]
 
* [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668001#20 Debian#668001 "debootstrap: cant install systemd instead of sysvinit"] (2014 mailing list thread, 100+ msgs)
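Review bot: the two added `[[List of systemd-critical webpages...]]` links overlap in scope with the neighbouring `[[List of blog posts]]` and `[[Non-English and multimedia presentations (external links)]]` entries; if the new list pages supersede them, retire the older entries or add a word on how they differ, otherwise readers get two catalogues of the same material. While here, the "Forum posts and discussions:" and "Other links:" labels in the unchanged context could be `=== ... ===` subheadings to match the rest of the page.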
 

Revision as of 01:40, 19 February 2019


Please objectively explain issues and link a reliable source (commit, bug report or documentation).

Scope creep

systemd suffers from scope creep.

See Wikipedia:File:Systemd components.svg.

To be added: systemd-cryptsetup, pam_systemd, acpi, cgroups, gnome-session, tcpwrapper, audit

Issues

  • fsck cannot be cancelled (used to be possible via C-c or c on the console). 7f110ff9b8, Fedora#719952
  • systemd defaults to Google's DNS nameservers. e16cb2e4ef, Debian#761658
  • systemd defaults to Google's NTP servers, which serve leap-smeared time. GitHub#437
  • systemd by default uses Predictable Network Interface Names, which are actually less predictable when you only have one interface per type.
  • systemd by default kills background processes after the user logs out. 97e5530cf2, Debian#825394
    "In my view it was actually quite strange of UNIX that it by default let arbitrary user code stay around unrestricted after logout." -Poettering[6]
  • As systemd depends on many files on the root filesystem, if anything goes wrong with the root filesystem it is unable to control processes or to cleanly shut down/reboot when Ctrl-Alt-Del is pressed.[7]
  • systemd-resolved breaks the traditional glibc behaviour: if a DNS server fails to respond once, it is skipped in all following queries. GitHub#5755, [8]
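To turn the list of defaults above into something checkable, here is an added example (not from the wiki page) that audits a host's logind.conf, resolved.conf and timesyncd.conf for the defaults criticised here and in the RemoveIPC entry (GitHub#2039) further down: KillUserProcesses, RemoveIPC, FallbackDNS and FallbackNTP. Section and key names and the upstream defaults come from logind.conf(5), resolved.conf(5) and timesyncd.conf(5); the sample file contents and example host names are constructed, and the load_host() and audit() helpers are my own layout, not a systemd tool.

```python
"""Audit a host's systemd configuration for the defaults criticised above.

Added example, not part of the wiki page.  It merges each systemd config
file with its drop-ins (later assignments win, as systemd does) and reports
which criticised defaults are still in effect.  Upstream defaults are taken
from logind.conf(5), resolved.conf(5) and timesyncd.conf(5); distributions
change some of them at build time, so an unset key is reported as "upstream
default applies, confirm on the host" rather than as a fact.
"""
import configparser
from pathlib import Path
from typing import Callable, Dict, List, Optional, Tuple

# Spellings systemd's boolean parser accepts as "true".
TRUE_WORDS = {"1", "yes", "y", "true", "t", "on"}


def parse_systemd_conf(texts: List[str]) -> Dict[Tuple[str, str], str]:
    """Return {(section, key): value} after merging the main file and its
    drop-ins in the order given.  Lines starting with '#' or ';' are
    comments, so the commented-out defaults shipped in /etc/systemd/*.conf
    leave the key unset, exactly as systemd sees them."""
    effective: Dict[Tuple[str, str], str] = {}
    for text in texts:
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.optionxform = str  # systemd keys are case-sensitive
        cp.read_string(text)
        for section in cp.sections():
            for key, value in cp.items(section):
                effective[(section, key)] = value.strip()
    return effective


def _is_true(v: Optional[str]) -> bool:
    # Unset means the upstream default (yes for both keys checked below).
    return v is None or v.lower() in TRUE_WORDS


def _google_or_unset(v: Optional[str]) -> bool:
    # Unset: the compiled-in fallback list applies, which upstream points at
    # Google's servers as the page notes.  An explicit empty assignment is an
    # administrator opt-out and is not flagged here; confirm the effective
    # servers on the host with `resolvectl status` / `timedatectl timesync-status`.
    if v is None:
        return True
    low = v.lower()
    return "google" in low or "8.8.8.8" in low or "8.8.4.4" in low


# (file, section, key, predicate on effective value, explanation)
CHECKS: List[Tuple[str, str, str, Callable[[Optional[str]], bool], str]] = [
    ("logind.conf", "Login", "KillUserProcesses", _is_true,
     "user processes are killed at logout (upstream default: yes)"),
    ("logind.conf", "Login", "RemoveIPC", _is_true,
     "a user's SysV/POSIX IPC objects are removed at full logout (upstream default: yes)"),
    ("resolved.conf", "Resolve", "FallbackDNS", _google_or_unset,
     "fallback DNS resolution goes to Google's servers"),
    ("timesyncd.conf", "Time", "FallbackNTP", _google_or_unset,
     "fallback time sync goes to Google's NTP servers"),
]


def audit(files: Dict[str, List[str]]) -> List[str]:
    """files maps a file name (e.g. "logind.conf") to [main text, drop-ins...].
    Returns one finding per criticised default still in effect."""
    findings = []
    for fname, section, key, is_bad, why in CHECKS:
        value = parse_systemd_conf(files.get(fname, [])).get((section, key))
        if is_bad(value):
            shown = "<unset, upstream default applies>" if value is None else value
            findings.append(f"{fname} [{section}] {key}={shown}: {why}")
    return findings


def load_host(base: str = "/etc/systemd") -> Dict[str, List[str]]:
    """Read the real files: main file first, then *.conf drop-ins in sorted
    order (the precedence systemd applies).  Drop-ins under /run and /usr/lib
    are not consulted by this simplified loader."""
    out: Dict[str, List[str]] = {}
    for fname in sorted({c[0] for c in CHECKS}):
        texts = []
        main = Path(base) / fname
        if main.is_file():
            texts.append(main.read_text())
        texts += [p.read_text() for p in sorted((Path(base) / f"{fname}.d").glob("*.conf"))]
        out[fname] = texts
    return out


# Constructed sample: the admin overrode RemoveIPC in a drop-in but left the
# other keys commented out or pointing at Google.
SAMPLE_HOST = {
    "logind.conf": ["[Login]\n#KillUserProcesses=yes\nRemoveIPC=yes\n",
                    "[Login]\nRemoveIPC=no\n"],
    "resolved.conf": ["[Resolve]\n#DNS=\nFallbackDNS=8.8.8.8 8.8.4.4\n"],
    "timesyncd.conf": ["[Time]\nNTP=ntp.example.org\n"],
}

# Constructed sample: every criticised default explicitly overridden.
HARDENED_HOST = {
    "logind.conf": ["[Login]\nKillUserProcesses=no\nRemoveIPC=no\n"],
    "resolved.conf": ["[Resolve]\nFallbackDNS=192.0.2.53\n"],
    "timesyncd.conf": ["[Time]\nNTP=ntp.example.org\nFallbackNTP=ntp2.example.org\n"],
}

if __name__ == "__main__":
    for line in audit(SAMPLE_HOST):  # swap in audit(load_host()) on a real host
        print(line)
```

On the constructed sample this reports three findings (KillUserProcesses unset, FallbackDNS at Google, FallbackNTP unset) and correctly stays quiet about RemoveIPC, because the drop-in's `RemoveIPC=no` overrides the main file; the hardened sample produces no findings.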

Conceptual problems

Poor design

Scope creep leads to vulnerabilities

CVEs

Debian tracker

Absurd bugs and responses

  • Debian#739593 systemd makes / shared by default; Poettering suggests not patching this because it would break a lot of containers
  • freedesktop#74589 Unchecked null pointer dereference in PID 1 not considered a serious issue.
  • openSUSE#918226 systemd segfaults after updating from 208-23.3 to 208-28.1
  • GitHub#2402 Mount efivarfs read-only - Doing rm -rf / bricks your computer
  • Debian#776171 Unable to shut down
  • freedesktop#61191 systemd-journald eats 100% CPU
  • freedesktop#64116 Corrupted binary logs
  • GitHub#5644 tmpfiles: R! /dir/.* destroys root, also see systemd again (or how to obliterate your system)
  • GitHub#6237 systemd can't handle process privileges for a user name that starts with a digit, such as 0day
  • GitHub#2039 Default value of RemoveIPC doesn't allow third-party daemons to be used. -- "This is an issue tracker, not a support forum."
  • GitHub#8596 redhat#1494014 systemd incorrectly unmounts a reused mount point after a device removal / systemd automatically unmounts a filesystem mounted with the "mount <mountpoint>" command
  • GitHub#9602 systemd won't allow the system to start even though it is configured correctly (/etc/localtime as a symlink; you can even use systemd's own tool to configure it that way!)

Missing bug report link:

Unprofessionalism

Linux (kernel) coup attempt:

"kdbus support is no longer compile-time optional ... We encourage all downstream distributions to begin testing kdbus by adding it to the kernel images in the development distributions, and leaving kdbus support in systemd enabled."[9]

LKML comment

"The kdbuswreck"

"kdbus now out-of-tree"

"kdbus dropped in favor of BUS1"

  • systemd promised that its Journal File Format would be stable starting with version 26.[10] Version 44, however, does not follow it: "Entry metadata that is not actually a field is serialized like it was a field, but beginning with two underscores."

Ignorance of fundamental operating system concepts

See also
