
1. systemd (at least the PID 1 part) does not talk to the network, so a remotely-accessible backdoor would need to be more complex (and thus more likely to be detected) than a backdoor that can be loaded into a listening daemon like openssh.

2. You can run Debian systems without systemd as PID 1, but you're still stuck with libsystemd because so many daemons now link with it.



> systemd... does not talk to the network...

Socket activation and the NFS automounter appear to.

If I run "netstat -ap" I see pid 1 listening on enabled units.

Edit: tinysshd is specifically launched this way.

Edit2: there is also substantial criticism of xz on technical grounds.

https://www.nongnu.org/lzip/xz_inadequate.html
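The check described in the comment above, as an added example that is not part of the thread: it parses `netstat -apn` output (`-n` is added here so addresses stay numeric) and lists the inet sockets PID 1 itself is listening on, separating loopback binds from the rest. The sample output, its addresses and the function names are constructed for illustration.

```python
import re
import subprocess

# Constructed sample in net-tools `netstat -apn` layout; not captured from a real host.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/init
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      1/init
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0     36 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED 2101/tinysshd
tcp6       0      0 :::111                  :::*                    LISTEN      1/init
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1/init
unix  2      [ ACC ]     STREAM     LISTENING     13370    1/init     /run/systemd/private
"""

# TCP rows must be in LISTEN state; bound UDP rows have an empty State column.
ROW = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+"
    r"(?:LISTEN\s+)?(?P<pid>\d+)/"
)

def listeners_by_pid(netstat_text, pid=1):
    """Sorted (proto, local_address) pairs for inet sockets `pid` is listening on."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # Match on the PID, not the name: PID 1 may show up as "init" or "systemd".
        if m and int(m.group("pid")) == pid:
            found.add((m.group("proto"), m.group("local")))
    return sorted(found)

def non_loopback(listeners):
    """Keep only listeners bound to something other than 127.0.0.0/8 or ::1."""
    kept = []
    for proto, local in listeners:
        host = local.rpartition(":")[0]
        if not (host.startswith("127.") or host == "::1"):
            kept.append((proto, local))
    return kept

if __name__ == "__main__":
    try:  # live view; run as root so sockets of every process carry a PID
        text = subprocess.run(["netstat", "-apn"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE  # netstat unavailable: fall back to the constructed sample
    for proto, local in non_loopback(listeners_by_pid(text)):
        print(f"PID 1 listens on {proto} {local}")
```

On a systemd host, `systemctl list-sockets` shows which socket unit owns each of these addresses and which service it activates.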


... well, you can use a shim package as Devuan did.



