On 10/10/2014 3:48 PM, Russell Coker wrote:
On Fri, 10 Oct 2014, Brian May <brian@microcomaustralia.com.au> wrote:
It can replace annoying init.d scripts, that are deceptively hard to write, often are very buggy and suffer from various race conditions.
Also init scripts often allow non-root daemons to have access to the same tty that is used for the sysadmin shell. That means if an attacker can compromise a daemon at startup (EG replace programs it runs at start before detaching from the tty) then they can push characters into the root keyboard buffer.
systemd can be compromised under the same conditions, it isn't immune to having non-authorized updates to the machine. What's more, systemd is a /fairly/ new set of code, okay, not really new, but the size of the code and the /feature creep/ that has been seed means more new code all the time ... leading to more potential bugs with each code extension. Nightmare. A.