systemd

| Basic data | |
|---|---|
| Maintainer | Lennart Poettering, Kay Sievers (Red Hat Inc.) |
| Developer | Lennart Poettering, Kay Sievers, Harald Hoyer |
| Initial release | March 30, 2010 |
| Current version | 246 (July 30, 2020) |
| Operating system | Linux |
| Programming language | C |
| Category | System software |
| License | GNU LGPL 2.1+ (Free Software) |
| Website | systemd.io |
systemd is a background program (daemon) for Linux systems that is used as the init process, i.e. the first process (process ID 1), to start, monitor and terminate further processes. It was written in C by Lennart Poettering, Kay Sievers (Red Hat Inc.) and others, and is released as free software under the GNU Lesser General Public License (LGPL).
The name with the final "d" follows the naming scheme common for daemons: systemd is the daemon that starts and maintains the system.
History
The ideas and concepts for systemd arose from looking at already existing, modernized init systems such as launchd from macOS and SMF (Service Management Facility) from Solaris. It was released on April 10, 2010. Distributions that use systemd as the default init system are Fedora from version 15, openSUSE from version 12.1, Mandriva 2011, Mageia from version 2, Arch Linux since October 2012, Red Hat Enterprise Linux from version 7, Tizen, siduction from version 2013.2, SUSE Linux Enterprise Server from version 12, Ubuntu from version 15.04 and Debian from version 8.
Since version 221, systemd contains sd-bus, an independent D-Bus programming interface whose complexity lies between that of libdbus and GDBus. sd-bus supports both classic dbus1 in user space and kdbus as backend and is thus intended to enable a smooth transition to interprocess communication in the kernel.
Technology
systemd is backwards compatible with SysVinit scripts. However, it deliberately uses features that are only available under Linux and not on other Unix-like operating systems. It can therefore only run on systems with a Linux kernel.
It is intended to handle the mutual dependencies of processes better, achieve higher utilization at system start through more parallelization, and thus cause fewer delays than the older, classic SysVinit or Upstart, which Ubuntu has since abandoned.
The basic concept is to start essentially all processes at the same time. To avoid falling back on partial serialization based on a model of the recorded dependencies between processes, as other systems that rely on parallelization do, the D-Bus connections and sockets used for interprocess communication are created before the associated service is started; any messages that arrive in the meantime are buffered by the kernel until the service is ready. The same is done for requests to file systems using autofs.
In addition, it can start services that are only needed occasionally in an event-driven way, only when they are actually requested, and thus start fewer services at boot. It thereby takes over tasks that inetd performs on classic Unix systems.
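As an added illustration of the socket hand-over described above (example code, not part of the systemd project): a Python service that adopts a listening socket systemd created before it started, following the sd_listen_fds(3) convention (LISTEN_PID, LISTEN_FDS, first passed fd is 3), and falls back to binding its own socket when started by hand. The function names and the `environ`/`pid` parameters are assumptions made for this example.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # systemd passes activated sockets starting at fd 3


def listen_fds(environ=None, pid=None):
    """Return the fds handed over by systemd, or [] if not socket-activated.

    Two checks from sd_listen_fds(3): LISTEN_PID must equal our own pid, so a
    child that inherited the variables does not treat the fds as its own, and
    LISTEN_FDS gives how many consecutive fds start at SD_LISTEN_FDS_START.
    """
    environ = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        if int(environ.get("LISTEN_PID", "")) != pid:
            return []
        count = int(environ.get("LISTEN_FDS", "0"))
    except ValueError:
        return []
    if count < 0:
        return []
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))


def unset_listen_vars(environ):
    """Drop the hand-over variables so child processes do not inherit them."""
    for name in ("LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES"):
        environ.pop(name, None)


def get_listen_socket(port, environ=None, pid=None):
    """Use the systemd-provided socket if there is one, otherwise bind our own.

    Under socket activation the socket is already listening and may already
    hold connections the kernel queued while we were starting; when run by
    hand (no LISTEN_* variables) we bind the port ourselves, so the same code
    works in both situations.
    """
    fds = listen_fds(environ, pid)
    if fds:
        return socket.socket(fileno=fds[0])  # adopt fd 3; family/type inferred
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(16)
    return srv
```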
Furthermore, all shell boot scripts are to be replaced by declarative configuration files that define how the respective services are started. These files are usually much easier to write than init scripts and avoid the considerable overhead of shell scripts.
Criticism
systemd polarizes the community extremely strongly. This leads to flame wars and shitstorms on the part of supporters and opponents, some of which are also directed against the developers themselves, especially Poettering and Sievers. The discussion about whether Debian should continue to use SysVinit or switch to systemd or another init system led to disputes that lasted for months and finally to a vote ("General Resolution"), numerous resignations and a fork under the name Devuan.
The main point of criticism of systemd is its ambition to take on significantly more different tasks than the old SysVinit, which makes it quite complicated and error-prone and also violates the Unix philosophy (a program should solve only one problem, but solve it as well as possible). Many developers expressed concern that systemd would restrict freedom and flexibility by constraining the system environment too much. It has often been criticized that systemd saves log files in a binary format and not as simple text files. Another point of criticism is the decision to develop systemd explicitly for Linux only. It has repeatedly been criticized that the developers tend to ignore or deny programming errors. The Devuan developers expressed concern that Debian and the other major distributions were now trapped by Red Hat in a "vendor lock-in".
Theodore Ts'o criticized the excessive focus on the GNOME desktop environment; there is a risk that many system components will no longer work with other desktops. In the long term this could leave other desktops completely unusable if there were no longer any alternative to systemd. The Devuan developers speculated that in the long term Debian could be taken over by the GNOME project. Linus Torvalds stated that he had no firm opinion about systemd; some properties such as binary logs are insane, but these are questions of detail and not fundamental problems. In his view, the systemd developers are generally too lenient about program errors and compatibility problems. InfoWorld reported that systemd developers ignored programming errors and closed bug reports without fixing them, which led Torvalds to exclude Kay Sievers, one of the leading systemd developers, from kernel development. Overall, systemd had split the Linux community, which would damage Linux in the long term. In October 2013, Mark Shuttleworth described systemd as "highly invasive and hardly justified". At the end of October 2015, Slashdot reported that BusyBox developer Denys Vlasenko had removed systemd support from BusyBox. Vlasenko explained that those responsible for systemd are unfriendly to the rest of the world, so there is no reason for the rest of the world to cooperate with them. In July 2017, Linus Torvalds said on the Linux kernel mailing list (LKML.org) that he could no longer trust that "init" was doing the right thing.
Integration of Google services in the code
In September 2014 it became known that a systemd component in certain cases forwards DNS queries to Google's name servers without the administrator having configured this, which led to discussions about the confidentiality, security and integrity of user data. The responsible Debian maintainer rejected the criticism. The behaviour was confirmed again in July 2015. Poettering defended it on the grounds that he wanted to ensure a functioning system.
Also in July 2015 it was reported on GitHub that Google time servers were hard-coded into systemd as default or fallback. Poettering also defended this decision, although he admitted that the Google servers provided inaccurate data. A Google developer criticized this attitude.
Vulnerabilities
In September 2016, a bug became known that allows any unprivileged user to launch a DoS attack against systemd and the processes it manages. Musl developer Rich Felker said that systemd is a large monolithic process that does not fail partially in the event of an error but instead brings down the entire system. The discovered bug is less a serious security problem than a demonstration of a fundamental design flaw.
At the beginning of 2017, a discussion developed about the fact that systemd executes daemons with root rights if a user name beginning with a digit is specified in the daemon's configuration. The vulnerability was rated differently by different parties. The developers declared that this was not a programming error, because such user names are not allowed on Linux systems and it is the administrator's responsibility not to permit them. In addition, an attacker must already have root rights on the affected system in order to create such user names. The bug report was initially closed. A patch was later merged so that invalid parameters for security-critical options are no longer ignored but instead cause the unit not to be loaded.
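An added example (not systemd's own code) modelling the two behaviours described above on a constructed unit file: the old code path that dropped an invalid User= value and therefore ran the service as root, and the post-fix path that refuses to load the unit. The user-name rule is an assumption approximating the names systemd accepts, and the function names are invented for this example.

```python
import configparser
import re

# Assumption: a conservative Unix user-name rule (first character a letter or
# underscore, then letters, digits, '-' or '_', at most 32 characters).
# A name such as "0day" fails because it starts with a digit.
_VALID_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_-]{0,31}$")

# Constructed sample unit reproducing the problematic configuration.
BAD_UNIT = """\
[Unit]
Description=Constructed sample daemon

[Service]
ExecStart=/usr/bin/sample-daemon
User=0day
"""


def valid_user_name(name):
    return bool(_VALID_NAME.match(name))


def _parse_unit(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # unit-file keys are case sensitive
    cp.read_string(text)
    return cp


def effective_user_old(text):
    """Pre-fix behaviour: an invalid User= is silently dropped, so the unit
    falls back to the default user, root."""
    user = _parse_unit(text).get("Service", "User", fallback="root")
    return user if valid_user_name(user) else "root"


def check_unit_new(text):
    """Post-fix behaviour: return the list of fatal problems; a non-empty list
    means the unit is refused instead of being started as root."""
    cp = _parse_unit(text)
    problems = []
    for key in ("User", "Group"):
        value = cp.get("Service", key, fallback=None)
        if value is not None and not valid_user_name(value):
            problems.append(f"{key}={value}: invalid name, refusing to load unit")
    return problems
```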
In June 2017, a vulnerability in systemd-resolved that had existed since 2015 was discovered. It allows a compromised DNS server to make systemd-resolved crash or execute malicious code, so that the service could be taken over by external attackers. Canonical employee Chris Coulson first reported the vulnerability. Accordingly, versions 223 to 233 have been affected since 2015. Red Hat announced that the Red Hat Enterprise Linux 7 it sells was not vulnerable. Debian stated that the recently released Debian 9 (codename "Stretch") is also not affected, because systemd-resolved is not enabled by default. A patch that closes the security gap is now available.
In October 2018 it became known that a programming error in systemd's IPv6 DHCP client could be abused to take over vulnerable Linux systems with manipulated DHCP packets.
In January 2019, the US IT security company Qualys reported a bug in the systemd component journald that allows users to gain root privileges on a system. Qualys achieved this within ten minutes on an x86 system and within 70 minutes on an amd64 system.
Literature
- Thorsten Leemhuis: Collection point: retrieving log information from the systemd journal. c't 13/2014, page 168
Web links
- systemd on freedesktop.org
- Original announcement (English)
- The road forward for systemd (English)
- Lennart Poettering, Kay Sievers, Thorsten Leemhuis: The init system systemd, part 1 and part 2 at heise.de
- Video interview with Lennart Poettering from 2011
- The Linux System, CRE podcast with Lennart Poettering from November 10, 2015
- systemd for Administrators, collection of articles originally published on 0pointer.de (PDF)
- systemd in the Arch Linux Wiki
References
- README - systemd/systemd - System and Session Manager (English, accessed November 17, 2018).
- Release 246. July 30, 2020 (accessed July 31, 2020).
- systemd. In: Analysis Summary. Ohloh, accessed August 15, 2011.
- Lennart Poettering: License. In: systemd git. freedesktop.org, accessed February 3, 2013.
- Interview with Lennart Poettering, developer of systemd. golem.de, May 27, 2011, accessed March 18, 2013.
- Lennart Poettering: The Biggest Myths. Accessed February 3, 2013.
- Mikko Ylinen: Tizen IVI Architecture (PDF; 3.8 MB). Accessed February 3, 2013 (English).
- Release Notes for siduction 2013.2. Accessed October 22, 2014.
- SUSE Linux Enterprise Server 12 Release Notes. Accessed March 2, 2015.
- Ubuntu 15.04 Release Notes. Accessed April 23, 2015.
- Debian 8 "Jessie" published. April 25, 2015, accessed April 26, 2015.
- The new sd-bus API of systemd. June 19, 2015.
- Ferdinand Thommes: Systemd as the control center for the Linux system. In: LinuxUser, edition 04/2014, accessed February 26, 2016.
- Ferdinand Thommes: Linus Torvalds criticizes Systemd developers sharply. In: ComputerBase. April 3, 2014, accessed August 24, 2016.
- Thorsten Leemhuis: Debian vote on the init system: No fundamental decision required. In: Heise online. November 19, 2014, accessed February 26, 2016.
- Thorsten Leemhuis: Debian opts for systemd - at least for now. In: Heise online. February 11, 2014, accessed February 26, 2016.
- Thorsten Leemhuis: Debian: Choice of the standard init system leads to quarrel. In: Heise online. November 2, 2014, accessed February 26, 2016.
- Oliver Diedrich: Debian: Systemd dispute drives out developers. In: Heise online. November 17, 2014, accessed February 26, 2016.
- Oliver Diedrich: Devuan: Let's start now. In: Heise online. January 13, 2015, accessed February 26, 2016.
- Joe Casad: Debian Gets Forked; Legendary Uber-distro splits over the systemd controversy. In: Linux Magazine. December 2, 2014, accessed September 11, 2017.
- Kristian Kißling: Linus Torvalds does not mind Systemd. In: Linux-Magazin. September 18, 2014, accessed August 24, 2016.
- Steven Vaughan-Nichols: Linus Torvalds and others on Linux's systemd. In: ZDNet. September 14, 2014, accessed August 24, 2016.
- Paul Venezia: Systemd: Harbinger of the Linux apocalypse. In: InfoWorld. International Data Group, August 18, 2014, accessed August 26, 2016.
- Silviu Stahie: Linus Torvalds Blocks All Code from Systemd Developer for the Linux Kernel. In: Softpedia. April 3, 2014, accessed August 26, 2016.
- Ferdinand Thommes: Devuan publishes first beta without systemd. In: ComputerBase. April 29, 2016, accessed December 22, 2016.
- Mark Shuttleworth: Quantal, raring, saucy ... In: Homepage of Mark Shuttleworth. October 18, 2013, accessed July 13, 2017.
- Denys Vlasenko: remove systemd support. October 22, 2015, accessed November 7, 2016.
- Busybox Deletes Systemd Support. Slashdot, October 31, 2015, accessed November 7, 2016.
- Jürgen Schmidt: Systemd developers want to close the "0day" gap after all. In: Heise online. July 11, 2017, accessed July 13, 2017.
- Linus Torvalds: Re: [RFC] [PATCH] exec: Use init rlimits for setuid exec. In: LKML.org. July 6, 2017, accessed July 13, 2017.
- Simon Sharwood: Linus Torvalds may have damned systemd with faint praise. The Register, July 17, 2017, accessed July 24, 2017.
- Debian Bug report logs - #761658; Please do not default to using Google nameservers. Accessed August 23, 2016.
- Source of the file systemd/configure.ac. (No longer available online.) In: GitHub. Archived from the original on August 24, 2016; accessed August 24, 2016.
- FallbackDNS shouldn't have values set at compile time #494. In: GitHub issue #494. Accessed August 24, 2016.
- Source of the file systemd/configure.ac. (No longer available online.) In: GitHub. Archived from the original on August 24, 2016; accessed August 24, 2016.
- timeX.google.com provide non standard time #437. In: GitHub issue #437. Accessed August 24, 2016.
- timesyncd: default NTP pool instead of Google NTP #439. In: GitHub issue #439. Accessed August 24, 2016.
- Do not provide default NTP servers. Fixes #437. #444. In: GitHub issue #444. Accessed August 24, 2016.
- Systemd should no longer use Google's time server. In: golem.de. July 1, 2015, accessed August 24, 2016.
- Kristian Kißling: No time for Systemd? In: Linux-Magazin. July 1, 2015, accessed August 24, 2016.
- Assertion failure when PID 1 receives a zero-length message over notify socket #4234. In: GitHub issue #4234. Accessed October 5, 2016.
- Tom Spring: Hack Crashes Linux Distros with 48 Characters of Code. In: Threatpost. Kaspersky Lab, October 3, 2016, accessed October 6, 2016.
- Sebastian Krahmer: Headsup: systemd v228 local root exploit (CVE-2016-10156). In: LWN.net. January 24, 2017, accessed July 13, 2017.
- Jürgen Schmidt: Excitement about alleged security holes in systemd. In: Heise online. July 3, 2017, accessed July 13, 2017.
- Refuse to load some units by keszybz, Pull Request #6300, systemd/systemd. In: github.com. GitHub, accessed July 13, 2017.
- Chris Coulson (Canonical): CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload. Openwall, June 27, 2017, accessed July 13, 2017.
- USN-3341-1: Systemd vulnerability. In: Canonical (Ubuntu). June 27, 2017, accessed July 13, 2017.
- Shaun Nichols: Don't panic, but Linux's Systemd can be pwned via an evil DNS query. The Register, June 29, 2017, accessed July 13, 2017.
- Liam Tung: Linux's systemd vulnerable to DNS server attack. In: ZDNet. June 29, 2017, accessed July 13, 2017.
- heise Security: Systemd: DHCPv6 packets can hijack Linux computers. Accessed October 30, 2018 (German).
- Linux systemd Affected by Memory Corruption Vulnerabilities, No Patches Yet. In: Slashdot. January 10, 2019, accessed January 22, 2019.