Usage of systemd in QubesOS

Hi,

i have a question to the developers:
Why is systemd the only init system for QubesOS and why is QubesOS not usable without it like on Devuan?
I like the security concept of the OS but I saw many, many issues of systemd in the past. Also, some vulnerabilities affected systemd or became critical because of systemd’s behavior, like the xz backdoor. How does this fit with the concept of QubesOS?

Thanks in advance,
Oebbler

2 Likes

systemd is the init system of fedora, and dom0 uses fedora

this could happen to any piece of software

2 Likes

Maybe … but it happened only to systemd :laughing:
Seriously - how could it happen to initd or runit?

2 Likes

I believe what Solene mentions is a figure of speech or rhetorical (that bugs could happen to any init software or any software).

Support of multiple init system (or different dom0 Distro, different filesystems, different desktop environments, …) should be technically doable. But in practice, it would require considerable work and testing. Sometimes 3rd party developers participate and help to implement them. In other cases, there might be smaller interest. In this case, the core team has to prioritize.

This page has some notes on why Fedora was chosen (and its subsequent consequences):

look for "But why trust Fedora?"

2 Likes

Thanks, I read all that… even got tricked into arguing in other “why Fedora” threads… but not any more!

2 Likes

Exactly, I was not mentioning init systems in particular. This could happen to any piece of software.

Actually, systemd itself was sane and not exploitable. It’s a custom patch added by some distributions when compiling systemd that allowed the backdoor through xz.

1 Like

While I think the “assume you get hacked anyway” philosophy is correct and the right approach, there is still a (not-so-small) statistical difference between systemd (shivers) and e.g. runit.

https://www.cve.org/CVERecord/SearchResults?query=systemd

https://www.cve.org/CVERecord/SearchResults?query=runit

I think it has a lot to do with the number of lines of code you have (and the number of tentacles you have grown on your kraken :wink: ). runit has around 1.000 lines, systemd seems to be around 1.700.000.

If it wasn’t for Qubes OS …

2 Likes

I don’t want to go much out of topic here, but there are a few things to account:

  • systemd is a huge collection of services, they are not all required. It can manage logs, boot, secure boot, dhcp, dns, network… you can’t just compare all of this against a service manager alone
  • nobody cares about runit, a lot of people care about systemd, so more bugs are reported, hence more CVE

systemd may have issues, I don’t deny it, but it’s hard to compare it correctly to something else.

2 Likes

I got that. My answer was sarcastic and denoted a deep dissatisfaction with systemd, and nothing personal towards you.

2 Likes