Nobody is packaging a standard init script across all distros, basically. A script is expected to be unique per machine or at least per admin setting up a set of machines. A binary could have a secret exploit installed in it that nobody can see/audit before it’s too late.
At least that’s the theory. Personally I love systemd.
Init scripts are just scripts. Technically, they don’t introduce any unique vulnerabilities of their own. Just the flaws in the shell itself or server binaries. A poorly written script absolutely can and will still fuck your day up.
SystemD is a program. Which could introduce its own unique buffer overflows or use after free opportunities. I’ve not heard of any. But it’s possible. However, its standard set of interfaces and systems make the risks of writing your own bad scripts or just using other people’s random bad scripts like we used to much less an issue.
Why are binaries uniquely attackable in a way that init scripts aren’t?