Systemd lead developer Lennart Poettering has posted on Mastodon about their upcoming v256 release of Systemd, which is expected to include a sudo replacem...
  • lemmyreader@lemmy.mlEnglish
    0·
    5 months ago

    This is great. Not having the attack surface of sudo (and not even being a SUID binary) certainly are great additions.

    And I hope people realize that systemd is not one large thing, but a (large) collection of tools.

    XZ-utils rings a bell ? It was among others Debian wanting to pull in part of a systemd tool into openssh and that almost turned into a world wide disaster :(

    • boredsquirrel@slrpnk.net
      0·
      5 months ago

      I didnt understand that sentence. Is that what you meant?

      Among other things, Debian wanted to integrate a part of the systemd tools into openssh, which almost led to a worldwide catastrophe

      xz is not part of systemd or openssh afaik.

      • lemmyreader@lemmy.mlEnglish
        0·
        5 months ago

        You didn’t follow the XZ-utils story ? The malicious actor worked for years on that XZ backdoor that targeted the fact that some Linux distributions were modifying their openssh package to enable systemd notifications.

        • boredsquirrel@slrpnk.net
          0·
          5 months ago

          Ok true, it was a systemd dependent issue. But it only makes sense to have those notifications. The problem is dependency on small hardly maintained products, which systemd will improve by centralizing it.

          • Macros@feddit.de
            0·
            5 months ago

            And where do maintainers for the new parts of systemd come from? The larger systemd grows the more parts of it will be neglected. Also in regard to people checking commits, opening up doors for exploits like the one in xz.