On Wed, May 13, 2020, 6:35 AM Eva Star <[email protected]> wrote:

>> Personally, I consider systemd both a mistake & a security hazard,
>
> Can you please share more details about this? Personally, I don't use both
> of them, but want to know.

You use systemd if you use almost any flavor of Linux. The systemd is a process that controls so many things on a system that some people joke about it being a second operating system on top of the Linux kernel. The "security hazard" part comes from the sheer complexity of that code, because it is hard to verify and audit the system.

Just like the old init scripts used to do, systemd basically controls the startup, initialization, and then manages many daemons behind the scenes. You have to just trust that it is going to do the right thing under any particular circumstance. If a rogue actor changed your configuration it could be difficult to detect in some cases. Gaining a persistent foothold on your system would be a common goal for an adversary and systemd gives them several ways to do that.

Qubes, however, uses a read-only system volume, so simply adding extra processes to your system is rather difficult to do by using systemd. They really need either dom0 or template access to do this.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ5FDnjLC3ecF6Z9C00pruaHXp45OD7AD%3DjnyB-_B0BDJH1cBg%40mail.gmail.com.
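
The reply above says a changed systemd configuration can be hard to detect. One way to make such changes visible, as an added example that is not part of the original message: fingerprint unit files, drop-ins and enablement symlinks, then diff against a stored baseline. The function names and the temporary directory standing in for a unit directory such as /etc/systemd/system are assumptions of this example.

```python
import hashlib, os, tempfile

UNIT_EXT = (".service", ".timer", ".socket", ".path", ".mount", ".target")

def snapshot(roots):
    """Fingerprint every unit file, drop-in and enablement symlink under roots."""
    snap = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):   # does not follow dir symlinks
            in_dropin = dirpath.endswith(".d")        # e.g. foo.service.d/*.conf
            for name in files:
                if not (name.endswith(UNIT_EXT) or (in_dropin and name.endswith(".conf"))):
                    continue
                path = os.path.join(dirpath, name)
                if os.path.islink(path):              # enabled unit, or masked (-> /dev/null)
                    snap[path] = "link->" + os.readlink(path)
                else:
                    with open(path, "rb") as fh:
                        snap[path] = hashlib.sha256(fh.read()).hexdigest()
    return snap

def diff(old, new):
    """Return sorted (change, path) pairs between two snapshots."""
    changes = [("added", p) for p in new.keys() - old.keys()]
    changes += [("removed", p) for p in old.keys() - new.keys()]
    changes += [("changed", p) for p in old.keys() & new.keys() if old[p] != new[p]]
    return sorted(changes)

def demo():
    """Constructed tree standing in for a unit directory; returns relative changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("backup.service", "[Service]\nExecStart=/usr/bin/backup\n")
        write("notes.txt", "not a unit, ignored\n")
        baseline = snapshot([root])
        # Constructed changes: an edited unit, a new drop-in, a newly enabled unit.
        write("backup.service", "[Service]\nExecStart=/usr/bin/backup --all\n")
        write("cron.service.d/override.conf", "[Service]\nEnvironment=X=1\n")
        wants = os.path.join(root, "multi-user.target.wants")
        os.makedirs(wants)
        os.symlink("/usr/lib/systemd/system/extra.service", os.path.join(wants, "extra.service"))
        return [(c, os.path.relpath(p, root)) for c, p in diff(baseline, snapshot([root]))]

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as the place it is stored, so keep it outside the system being checked.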
