85

I have seen so many times that systemd is insecure, bloated, etc. So i wonder ¿does it worth to switch to another init system?

you are viewing a single comment's thread
view the rest of the comments
[-] dack@lemmy.world 16 points 1 year ago

I don't see any fundamental reason why systemd would be insecure. If anything, I would expect it to be less prone to security bugs than the conglomerations of shell scripts that used to be used for init systems.

The bloated argument seems to mostly come from people who don't understand systemd init is a separate thing from all the other systemd components. You can use just the init part and not the rest if you want. Also, systemd performs way better than the old init systems anyway. I suspect many of the those complaining online didn't really have first hand experience with the old init systems.

If a different init suits your needs better, then sure go with it. But for the vast majority of typical desktop/server stuff, systemd is probably the best option. That's why most distributions use it.

[-] gian@lemmy.grys.it 3 points 1 year ago

I don’t see any fundamental reason why systemd would be insecure.

You mean aside how the author answer to CVEs, right ?

If anything, I would expect it to be less prone to security bugs than the conglomerations of shell scripts that used to be used for init systems.

Not sure. In the end the shell script were just an easy and consistent way to start/stop programs. If the programs were secure (read: checked the input and sanitize it, did the check for permissions and so on) there is not a big difference.

Also, systemd performs way better than the old init systems anyway.

In what regards ? Boot faster ? Fine, but on a server it does not mean anything, a server does not reboot that often; for a desktop it not that the 5 seconds you gain are a fundamental gain.

One problem I see is with the logs: it is true that the format is documented, but a text format is always readable while a binary format... (been here, done that 🤬 )

[-] dack@lemmy.world 2 points 1 year ago

I agree those CVE responses are not great. Those are from quite a few years ago though. Has their handling of CVEs improved since?

Boot times are not that big of a deal to me either, but some people seem to care about it a lot.

I've never personally had any problems with binary logs. You could always forward to a different logging daemon if that's a concern.

[-] gian@lemmy.grys.it 2 points 1 year ago

I’ve never personally had any problems with binary logs.

I had it and I am sure that I could have solved the problem faster if I could have solved it faster if I did not needed to first understand how to access the logs on a damaged system.

You could always forward to a different logging daemon if that’s a concern.

This does not solve the problem, it only move it to somewhere else.

this post was submitted on 28 Aug 2023
85 points (100.0% liked)

Linux

48224 readers
521 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS