Really, we gotta create an option during installation so that you can choose either SystemD or something else like SysV, OpenRC, Runit, s6, or something.
What do you guys think about this situation? It’s kinda serious for security if I am correct.
It has been my suspicion that there has been data abstraction due to complex projects running the core infrastructure of FOSS systems. Projects like systemd and the kernel would require auditors motivated to protect the consumer from harm. It would take teams of people several years just to audit the Linux kernel to find any possible issues that have been “overlooked,” or left unpatched.
MITRE/CVE is largely funded by the same tech oligarchy funding Fedora and the Linux Foundation. They are motivated to help their benefactors increase their profits so the donations to these foundations will stay steady or increase. This is why you see these foundations spending their money on technology that has nothing to do with the projects they fund (i.e. AI in both Mozilla and Linux Foundations).
In short, the idea for different init systems has been discussed and I don’t think people are opposed to it. There just needs to be maintainers with knowledge willing to assist with it via spins so a proof of concept can be reviewed.
Well, the major desktops are plugged into systemd for a lot of their backend tasks. OpenRC had their own drop in implementation to behave like systemd, but they are questionable also.
Fair enough. Also above my own knowledge gradient, not a Sys Admin.
Not exactly good, as you say; SystemD needs a great replacement for this one.
That doesn’t sound good, rootkits are malicious computer viruses that could lead to exploitation of SystemD, which is a huge problem (or the kernel itself, which could be your computer). I knew that SystemD would be insecure as well. Better use an antivirus like ClamAV or turn on the firewall like Gufw (Uncomplicated FireWall) or the built-in one from KDE (if you use KDE) or the one that is in the security section in the OM welcomer.
Gutting out SystemD can be a PITA… I tried Artix over the weekend (that flaky nonsense is not for me) and I was getting ready to hop to Devuan on my main rig, but just chose OM for my hop tonight because you guys have much better Nvidia support. It’s rough out here lol
Nothing to be concerned about here, other than the usual “systemd tries to do too much”.
The behavior is documented, not malicious, and even useful.
Essentially, systemd sets up a bpf firewall that enables it to restrict services’ network access - it’s a security feature, not a bug.
This is what it is used/useful for:
Is it possible to accomplish this by other means? Yes.
Is it possible to accomplish this by other means in a way that would enable a beginner to make use of the functionality? Not so much.
Should there be a switch to turn it off? Absolutely, systemd has never been great at making some of its features optional.
Since systemd’s job is to launch services and control what they do (FWIW this type of functionality was available in earlier applications that systemd mostly replaced, such as inetd/xinetd, implemented through tcp_wrappers), I’d argue it is actually doing the right thing here.
Rootkit detectors flagging this as a possible rootkit is a false positive, but certainly understandable, given they should be watching out for anything potentially messing with network traffic. They need to be updated to understand this is a false positive.
While I have a few issues with systemd myself (it’s trying to do too much, some of its code isn’t great, …), it is nowhere near as bad as its opponents are saying.
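As an added illustration of the feature described in the post above (this is not code from the thread, from OpenMandriva, or from the systemd project), here is a drop-in override that uses the per-service network restriction systemd implements with a cgroup BPF program. The unit name `example.service` and the drop-in path are assumptions; the directive names are real systemd service settings.

```ini
# /etc/systemd/system/example.service.d/network-sandbox.conf
# Added example: confines a hypothetical "example.service" to loopback traffic.
# IPAddressAllow= / IPAddressDeny= are enforced by a cgroup BPF program that
# systemd attaches to the service's cgroup; that program is the "bpf firewall"
# discussed above. It is only installed for units that set these options
# (or inherit them from a slice such as system.slice), so nothing is filtered
# for services that leave them unset.
[Service]
# Deny all IP traffic first; the allow list is evaluated before the deny list,
# so the explicit allow below still takes effect.
IPAddressDeny=any
# "localhost" expands to 127.0.0.0/8 and ::1/128.
IPAddressAllow=localhost
# Alternative on systemd >= 250: restrict by interface instead of address.
# RestrictNetworkInterfaces=lo
# Also worth setting alongside the address filter: no raw/packet sockets.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
```

After `systemctl daemon-reload` and a restart of the service, `systemctl show -p IPAddressAllow -p IPAddressDeny example.service` prints the effective lists, and `systemd-analyze security example.service` reports how exposed the unit still is. On a cgroup-v2 host, `bpftool cgroup tree` lists the programs attached per cgroup, which is exactly what a generic rootkit scanner sees when it reports unexpected BPF programs touching network traffic; on a system like the one discussed here, a program attached to a service's cgroup with these options set is expected. The per-unit "switch" the post asks for does exist at this level: a later drop-in with an empty `IPAddressDeny=` and `IPAddressAllow=` resets the lists and the filter is not installed for that unit.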
Appreciate the factual explanation of the issue at hand Bero.
While every question should indeed be explored, and bugs and exploits are found when someone says “hey why is this happening?”, the world is imperfect and will always be imperfect @SilentRanger. We can not fight every battle, and there are not enough programmers nor time in the world to fix every wrong.
We do the best we can, enjoy life, and don’t let it drive us mad. Question yes. Wise choices yes. Let it ruin us no.
Also welcome @yurimodin! Welcome to the team, really glad you are here, and I hope you really really enjoy using OpenMandriva.
THANKS, I want to enjoy using OM but I can’t get it installed to save my life. I have tried every KDE & LXQt image of you guys I can get my hands on; Rock/Rome doesn’t matter. 5800X3D and an RTX 3080… single monitor, dual monitor, black screen, black screen, black screen, black screen… I got Rome Wayland to actually install off a single side monitor but upon reboot… black screen. Installed proprietary drivers via command line from the non-free repos… black screen. I can’t even get it to go via X11. Every live USB, X11 or Wayland… black screen. It’d be nice if I could get a CLI install and build up from there, but it does not seem to be an option.