Systemd Continues Getting Bigger, Almost At 550k Lines Of Code


  • Originally posted by asdfblah
    Have you ever heard the concept of "Attack Surface"? Here you can read about it: http://en.wikipedia.org/wiki/Attack_surface
    A system daemon that has lots of features, runs as system process, and has its own built-in network services is an intruder's wet dream.
    Systemd as PID1 has zero attack surface towards the outside. The only way ever to be able to exploit PID1 is by already having gained access to the system by e.g. exploiting a process that can be reached from the net.

    It therefore follows logically that if one cares about PID1, it is vital to secure PIDs that have a reachable attack surface, like webservers.

    When it comes to supervising and protecting processes, systemd really shines: thanks to inbuilt easy support for kernel capabilities, it is trivial to lock down such exposed processes.
    Take for example the option "NoNewPrivileges=". If that is enabled when the process is started, it can never ever gain new privileges. So no easy privilege escalation for the intruder.

    Other options set capability bounds; another can even be used to white/black-list exactly which system calls the process (and all its children) are allowed to use, or to white/black-list which directories a certain process can see, etc.
    More examples here:


    On Linux kernel capabilities:


    The great thing about all this extra security that systemd can provide is that much of it can be used without end users doing anything. The options come for "free" in the distros' unit files. There is no need for changing the programs either, so developers don't have to restrict themselves or read up on security aspects they don't care about.

    We are not yet in security Nirvana where every application and every running process is properly sand-boxed, but systemd security on top of a MAC like SELinux is getting much closer.

    Those really serious about locking down their systems can of course start using some of the more hardcore systemd options right away. As an interesting fact, even PID1 (systemd) can be capability bound, meaning that it can be restricted to only see a limited part of the system, and only use certain features, even though it runs as root. So even compromising PID1 doesn't necessarily mean unrestricted root control.
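
The options this post names, as an added example that is not part of the original post or of systemd: a constructed unit for a hypothetical `examplehttpd` service, with and without the hardening directives, and a small checker that reports which ones are left unset. Directive names other than `NoNewPrivileges=` are taken from systemd.exec(5), not from the post.

```python
# Added example (not from the thread): audit a unit's [Service] sandboxing.
TRUE = {"1", "yes", "true", "on"}
PATH_KEYS = ("InaccessiblePaths", "ReadOnlyPaths",
             "InaccessibleDirectories", "ReadOnlyDirectories")  # new and old names

# Constructed sample units; the service name and paths are hypothetical.
WEAK_UNIT = """\
[Unit]
Description=Example web service

[Service]
ExecStart=/usr/local/bin/examplehttpd
"""
HARDENED_UNIT = WEAK_UNIT + """\
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
SystemCallFilter=~@mount @module @reboot
InaccessiblePaths=/home /root
ReadOnlyPaths=/etc
"""

def service_settings(unit_text):
    """Collect [Service] assignments; an empty assignment resets that key."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            values = settings.setdefault(key, [])
            values.append(value) if value else values.clear()
    return settings

def missing_hardening(unit_text):
    """Name the hardening directives from the post that the unit leaves unset."""
    s = service_settings(unit_text)
    missing = []
    if (s.get("NoNewPrivileges") or ["no"])[-1].lower() not in TRUE:
        missing.append("NoNewPrivileges")
    if "CapabilityBoundingSet" not in s:  # empty value is valid: no capabilities
        missing.append("CapabilityBoundingSet")
    if not s.get("SystemCallFilter"):     # an empty assignment resets the filter
        missing.append("SystemCallFilter")
    if not any(s.get(k) for k in PATH_KEYS):
        missing.append("path restrictions")
    return missing
```

On a running system, `systemd-analyze security <unit>` gives a much fuller per-unit assessment than this four-directive check.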



    • Originally posted by gens
      you can run x rootless for a while now
      thank X devs for that, systemd had nothing to do with it

      only reason why not many distros do that is that a user needs privileges to read /dev/input/* (maybe even write, idk; also tty's, but that is another thing)
      should be easy to set up, check the many tutorials on how

      maybe libinput (the wayland spawned thing) should take care of this (didn't check though)

      i don't know of many things made possible with systemd "technologies"
      can't think of one actually, maybe you can point some out
      There was some talk about the possibility of doing Xserver rootless for a lot of years, but nothing concrete happened.

      And systemd had something to do about this.



      • Originally posted by nachoig
        There was some talk about the possibility of doing Xserver rootless for a lot of years, but nothing concrete happened.

        And systemd had something to do about this.

        http://lists.x.org/archives/xorg-dev...ry/040117.html
        to make x set devices over logind ...


        i'll let Michael explain how rootless X is made possible (note the absence of logind and especially of PAM)

        (hint: it's a kernel thing for the most part)
        give credit where credit is due, this time it is to the linux graphics gurus (and memory management probably)

        something else you would like to point out ?

        PS it works without logind... it's even default on bsd

        PPS http://lists.x.org/archives/xorg-dev...ly/001293.html guess you can also thank the embedded devs while you're at it
        Last edited by gens; 25 May 2014, 07:01 PM.



        • Originally posted by gens
          to make x set devices over logind ...


          i'll let Michael explain how rootless X is made possible (note the absence of logind and especially of PAM)

          (hint: it's a kernel thing for the most part)
          give credit where credit is due, this time it is to the linux graphics gurus (and memory management probably)

          something else you would like to point out ?

          PS it works without logind... it's even default on bsd

          PPS http://lists.x.org/archives/xorg-dev...ly/001293.html guess you can also thank the embedded devs while you're at it
          I think the point is that the systemd patches now actually make it safe to run X as non-root on multi-user systems. (Moblin from your second link was single user). There have been several problems like input devices etc. that could lead to massive security problems when running X as a non-root user.

          Here is a link explaining why non-root X servers haven't gained traction even though there has been hardware support for it:


          Here is another:
          The last few months I've been working on making Xorg run without root rights. Xorg has traditionally always been suid root because it needed direct hardware access. With the advent of kms all hardware access is done by the kernel, so the primary reason for the X server running with root rights…

          that explains some of the problems systemd/logind solves like revoking sessions when they become inactive etc.



          • Originally posted by interested
            I think the point is that the systemd patches now actually make it safe to run X as non-root on multi-user systems. (Moblin from your second link was single user). There have been several problems like input devices etc. that could lead to massive security problems when running X as a non-root user.
            if it does it like console kit did, then it just changes the problem (and makes people believe it has been solved)
            not that it matters as X input handling is the biggest security problem, one that can not be solved in X (it would not be X then, or with another solution that comes to mind it would not be linux anymore)

            does not matter anyway as the problems will be solved properly with wayland and its spawns, not by ugly hacking around
            i hope at least, i don't care about security enough to check

            systemd's only original thing is the session management, and not even that is original (or something that linux natively lacks, even though it does but does in a way but does not not solve the bigger problem (not fully solved with mentioned things either))

            PS i'm not talking about sessions on purpose and i won't reply to any such things (maybe if console kit and the like are not the topic i would)

            just feels like people think that the systemd people made all they use, when i don't honestly know of anything worth mentioning that they themselves made
            (except... maybe.. console kit; even though i can't, in my honest opinion, say it is a good thing, but i guess it would be worth mentioning)
            actually, i'm sorry, just wanted to correct to who the credit should go to
            Last edited by gens; 26 May 2014, 04:03 PM.



            • systemd = just another NSA-sponsored injection into the Linux bloodsystem.



              • Originally posted by scjet
                systemd = just another NSA-sponsored injection into the Linux bloodsystem.
                Is this opinion or fact?



                • Originally posted by MartinN
                  Is this opinion or fact?
                  it depends on how much you want to read into these, unless you're just a blind fanbot,
                  but systemD'uh, is far from perfect ?:

                  Bringing some links buried in comments below to the top, I think these critiques of systemd’s integration and maintenance deserve some review. First, kernel developer Theodore Ts’o, the…


                  Last edited by scjet; 29 May 2014, 08:39 PM.



                  • Originally posted by scjet
                    it depends on how much you want to read into these, unless you're just a blind fanbot,
                    but systemD'uh, is far from perfect ?:

                    Bringing some links buried in comments below to the top, I think these critiques of systemd’s integration and maintenance deserve some review. First, kernel developer Theodore Ts’o, the…


                    http://boycottsystemd.org/
                    No, it doesn't depend on some random blog post or boycott website, to support your claim that this is NSA-sponsored stuff you have to provide evidence for a connection of the systemd developers and the NSA, and/or review the code and actually find a backdoor.



                    • Originally posted by Vim_User
                      No, it doesn't depend on some random blog post or boycott website, to support your claim that this is NSA-sponsored stuff you have to provide evidence for a connection of the systemd developers and the NSA, and/or review the code and actually find a backdoor.
                      The Snowden's,..., and Assange's already DID
                      -too stoopid to look ?
