Systemd now has over 1.2 million lines of code

Systemd is an initialization system and a daemon which has been specifically designed for the Linux kernel as an alternative to the System V startup daemon (sysvinit). Its main goal is to provide a better framework for managing dependencies between services, allowing parallel loading of services at startup and reducing calls to Shell scripts.

After exceeding a million lines of code in 2017, systemd's Git repository indicates that now reaches 1.207.302 lines of code. These 1.2 million lines are spread across 3,260 files and consist of 40,057 confirmations from nearly 1,400 different authors.

Systemd recorded a record number of commits last year, but so far, it's hard to imagine that this record could be broken in 2019.

This year, there have already been 2 commits. Last year, the statistics showed 145, while in 2016 and 2017 the system totaled less than a little more than four thousand commits.

Lennart Poettering remains the most prominent contributor for systemd with more than 32% of commits so far this year.

After him we can find that other authors who follow Lennart Poettering this year are Yu Watanabe, Zbigniew Jędrzejewski-Szmek, Frantisek Sumsal, Susant Sahani and Evgeny Vereshchagin. Around 142 people have contributed to the Systemd source tree since the beginning of the year.

Systemd is still not liked by many

Although today most GNU / Linux distributions adopt systemd, this has been heavily criticized (and it is not for others) by some members of the open source community, which believe that the project goes against the philosophy of Unix and that its developers have anti-Unix behavior, because systemd is incompatible with all non-Linux systems.

It is because of that It is important to remember that systemd was at the origin of the Debian community split when it decided to adopt it. as the default initialization system, despite threats from some taxpayers.

With which before such actions so they left the Debian project to create a fork called Devuan (a Debian that doesn't use systemd).

For the primary goal of the project is to provide a variant of Debian without the complexities and dependencies of systemd, an init system and service manager originally developed by Red Hat and later adopted by most other distros.

And is that at the beginning of the year we reported that some of the major Linux distributions were vulnerable to some systemd bugs.

Related article:

A new vulnerability was discovered in Systemd

Among part of the errors that existed, one of them was in the 'journald' service, which collects and stores log data. They could be exploited to gain root privileges on the target machine or to reveal information.

Some of these errors were discovered by researchers at the security firm Qualys, the flaws were two memory corruption vulnerabilities (stack buffer overflow - CVE-2018-16864 and unlimited memory allocation - CVE-2018-16865) and one allowing information leak (read out of bounds, CVE- 2018-16866).

The researchers developed an exploit for CVE-2018-16865 and CVE-2018-16866 which provides a local root shell on x86 and x64 machines.

The exploit ran faster on x86 platform and reached its goal in ten minutes. At x64, the exploit took 70 minutes.

Qualys had announced that it planned to release the PoC exploit code to prove the existence of flaws and explained in detail how it was able to exploit these flaws. The researchers also developed a proof of concept for CVE-2018-16864 that allows you to take control of eip, i386's instructional flag.

The buffer overflow vulnerability (CVE-2018-16864) was introduced in April 2013 (systemd v203) and made exploitable in February 2016 (systemd v230).

Regarding the unlimited memory allocation vulnerability (CVE-2018-16865), it was introduced in December 2011 (systemd v38) and made exploitable in April 2013 (systemd v201), while the memory leak vulnerability ( CVE-2018-16866) was introduced in June 2015 (systemd v221) and was inadvertently fixed in August 2018.