Technically, sysv everything was just a file full of instructions for the shell to parse and initialize. Human readable “technically”. It was simple and light weight. SystemD is a bit heavier and more complex as a system service binary. But that load and complexity is generally offset by added features that are extremely nice to have. Providing much more standardized targets and configuration iirc.
I had to search and dig trying to figure out how to set up services properly for my distro, back in the 90s. And when/how to start/restart them. There wasn’t one way to do it all. SysD made it all much more standard, simple, and clear. It’s biggest sin, is that it’s one more binary attack surface that might be exploited.
Yeah, sysv init is all just scripts under the hood, and it’s a bit fragile/arcane. You have to write a bunch of files by hand, reference them correctly, and place and link them in the right directories. Systemd is a bit better, I have to admit that.
Nobody is packaging a standard init script across all distros, basically. A script is expected to be unique per machine or at least per admin setting up a set of machines. A binary could have a secret exploit installed in it that nobody can see/audit before it’s too late.
At least that’s the theory. Personally I love systemd
Init scripts are just scripts. Technically, they don’t introduce any unique vulnerabilities of their own. Just the flaws in the shell itself or server binaries. A poorly written script absolutely can and will still fuck your day up.
SystemD is a program. Which could introduce its own unique buffer overflows or use after free opportunities. I’ve not heard of any. But its possible. However, its standard set of interfaces and systems make the risks of writing your own bad scripts or just using other people’s random bad scripts like we used to much less an issue.
Technically, sysv everything was just a file full of instructions for the shell to parse and initialize. Human readable “technically”. It was simple and light weight. SystemD is a bit heavier and more complex as a system service binary. But that load and complexity is generally offset by added features that are extremely nice to have. Providing much more standardized targets and configuration iirc.
I had to search and dig trying to figure out how to set up services properly for my distro, back in the 90s. And when/how to start/restart them. There wasn’t one way to do it all. SysD made it all much more standard, simple, and clear. It’s biggest sin, is that it’s one more binary attack surface that might be exploited.
Yeah, sysv init is all just scripts under the hood, and it’s a bit fragile/arcane. You have to write a bunch of files by hand, reference them correctly, and place and link them in the right directories. Systemd is a bit better, I have to admit that.
Why are binaries uniquely attackable in a way that init scripts aren’t?
Nobody is packaging a standard init script across all distros, basically. A script is expected to be unique per machine or at least per admin setting up a set of machines. A binary could have a secret exploit installed in it that nobody can see/audit before it’s too late.
At least that’s the theory. Personally I love systemd
Init scripts are just scripts. Technically, they don’t introduce any unique vulnerabilities of their own. Just the flaws in the shell itself or server binaries. A poorly written script absolutely can and will still fuck your day up.
SystemD is a program. Which could introduce its own unique buffer overflows or use after free opportunities. I’ve not heard of any. But its possible. However, its standard set of interfaces and systems make the risks of writing your own bad scripts or just using other people’s random bad scripts like we used to much less an issue.