Re: [DNG] Nasty Linux systemd security bug revealed

2021-08-22 Thread aitor
Hi Alessandro, On 15/8/21 18:08, Alessandro Vesely via Dng wrote: I guess we all ended up developing something similar. My take: http://www.tana.it/svn/zdkimfilter/trunk/src/cstring.h http://www.tana.it/svn/zdkimfilter/trunk/src/cstring.c It's harsh as it assumes the caller _always_ checks retu

Re: [DNG] Nasty Linux systemd security bug revealed

2021-08-15 Thread Alessandro Vesely via Dng
On Thu 12/Aug/2021 13:12:29 +0200 Aitor wrote: On 31/7/21 11:20, aitor wrote: Sometimes I use the following buffer struct for dynamic allocation: https://gitea.devuan.dev/aitor_czr/libnetaid/src/branch/master/backend_src/sbuf.c I guess we all ended up developing something similar. My take

Re: [DNG] Nasty Linux systemd security bug revealed

2021-08-12 Thread Steve Litt
aitor said on Thu, 12 Aug 2021 13:41:44 +0200 >On 12/8/21 13:12, aitor wrote: >>     struct sbuf s  __cleanbuf__(free_buf); >I rectify: > >struct sbuf s  __cleanbuf__; > >being: > >#define __cleanbuf__ __attribute__((cleanup(free_buf))) I see the attraction, Aitor, but doing this has some downs

Re: [DNG] Nasty Linux systemd security bug revealed

2021-08-12 Thread aitor
On 12/8/21 13:12, aitor wrote:     struct sbuf s  __cleanbuf__(free_buf); I rectify: struct sbuf s  __cleanbuf__; being: #define __cleanbuf__ __attribute__((cleanup(free_buf))) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org

Re: [DNG] Nasty Linux systemd security bug revealed

2021-08-12 Thread aitor
Hi, On 31/7/21 11:20, aitor wrote: On 31/7/21 3:02, Bruce Perens via Dng wrote: If you want this, it's easy enough to allocate your own stack, and write functions that allocate from it and release the allocation. Sometimes I use the following buffer struct for dynamic allocation: https://git

Re: [DNG] Nasty Linux systemd security bug revealed

2021-08-01 Thread al3xu5
Hi Thu, 29 Jul 2021 16:57:44 -0400 - Steve Litt : > al3xu5 said on Thu, 29 Jul 2021 17:33:10 +0200 > > > >9) Write code to debug and log > > I'm not sure what you mean here. Do you mean to write errors and > warnings to log files, or do you mean something more. Both. I do definitely mean

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-31 Thread Didier Kryn
Le 30/07/2021 à 15:24, Enrico Weigelt, metux IT consult a écrit : > On 21.07.21 14:36, Didier Kryn wrote: > >> I want to add to the comments that this alloca() function has been >> added (by gcc ?) to work around a missing feature of the C language: >> dynamic allocation on the stack. > > Wha

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-31 Thread aitor
Hi, On 31/7/21 3:02, Bruce Perens via Dng wrote: If you want this, it's easy enough to allocate your own stack, and write functions that allocate from it and release the allocation. Sometimes I use the following buffer struct for dynamic allocation: https://gitea.devuan.dev/aitor_czr/libnetai

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-30 Thread Bruce Perens via Dng
If you want this, it's easy enough to allocate your own stack, and write functions that allocate from it and release the allocation. If you were writing in C++, you could make releasing the allocation automatic. I think this illustrates why the kernel developers are taking Rust seriously. On Fri,

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-30 Thread Steve Litt
Enrico Weigelt, metux IT consult said on Fri, 30 Jul 2021 15:24:07 +0200 >In kernel space, we have the golden rule of not doing any larger stack >allocations, even not larger fixed sized arrays. Larger than how much? Surely bestdistro[12]; strncpy(bestdistro, "Devuan", strlen("Devuan")); would

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-30 Thread Enrico Weigelt, metux IT consult
On 21.07.21 14:36, Didier Kryn wrote:     I want to add to the comments that this alloca() function has been added (by gcc ?) to work around a missing feature of the C language: dynamic allocation on the stack. What you *actually* want is not "on stack" (directly), but automatically freed wh

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-30 Thread Arnt Karlsen
On Thu, 29 Jul 2021 20:10:24 -0400, Hendrik wrote in message <20210730001024.rjm4r3fxejkxe...@topoi.pooq.com>: > On Thu, Jul 29, 2021 at 04:57:44PM -0400, Steve Litt wrote: > > al3xu5 said on Thu, 29 Jul 2021 17:33:10 +0200 > > > > > >11) Document and document and document all the code (vars, >

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-30 Thread Steve Litt
Hendrik Boom said on Thu, 29 Jul 2021 20:10:24 -0400 >On Thu, Jul 29, 2021 at 04:57:44PM -0400, Steve Litt wrote: >> al3xu5 said on Thu, 29 Jul 2021 17:33:10 +0200 >> > >> >11) Document and document and document all the code (vars, >> >functions, errors etc. ... all) >> >> I do that: Nobody e

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-29 Thread Hendrik Boom
On Thu, Jul 29, 2021 at 04:57:44PM -0400, Steve Litt wrote: > al3xu5 said on Thu, 29 Jul 2021 17:33:10 +0200 > > > >11) Document and document and document all the code (vars, functions, > >errors etc. ... all) > > I do that: Nobody else does. It really makes things difficult when I > need to work

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-29 Thread Steve Litt
al3xu5 said on Thu, 29 Jul 2021 17:33:10 +0200 > >9) Write code to debug and log I'm not sure what you mean here. Do you mean to write errors and warnings to log files, or do you mean something more. > >10) Handle all kind of errors I know that's the *right* thing to do, and I do it often, bu

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-29 Thread Steve Litt
tempforever said on Thu, 29 Jul 2021 12:13:51 -0400 >Is this commandment (the code of one subroutine fitting into one >screen) an absolute rule?  What about, for example, assembly-language >programming?  Must I buy a bigger screen? :-) >I will admit that I do very little assembly anymore, so this

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-29 Thread Dr. Nikolaus Klepp
Anno domini 2021 Thu, 29 Jul 10:57:50 -0700 spiralofh...@spiralofhope.com scripsit: > On Thu, 29 Jul 2021 17:33:10 +0200 > al3xu5 wrote: > > > 11) Document and document and document all the code (vars, functions, > > errors etc. ... all) > > It was mentioned earlier; variables and functions wou

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-29 Thread spiralofhope
On Thu, 29 Jul 2021 17:33:10 +0200 al3xu5 wrote: > 11) Document and document and document all the code (vars, functions, > errors etc. ... all) It was mentioned earlier; variables and functions wouldn't need much (if any) documentation if they were long and descriptive. I like using short phras

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-29 Thread Josef Grosch via Dng
On 7/29/21 9:13 AM, tempforever wrote: Is this commandment (the code of one subroutine fitting into one screen) an absolute rule?  What about, for example, assembly-language programming?  Must I buy a bigger screen? :-) I will admit that I do very little assembly anymore, so this wouldn't affect

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-29 Thread tempforever
Is this commandment (the code of one subroutine fitting into one screen) an absolute rule?  What about, for example, assembly-language programming?  Must I buy a bigger screen? :-) I will admit that I do very little assembly anymore, so this wouldn't affect me much now.  I have many routines in C t

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-29 Thread al3xu5
Tue, 27 Jul 2021 07:31:12 -0700 - Josef Grosch : > On 7/26/21 11:26 PM, tito via Dng wrote: > > On Mon, 26 Jul 2021 22:53:02 -0400 > > Steve Litt wrote: > > > >> Hendrik Boom said on Mon, 26 Jul 2021 17:21:24 -0400 > >> > >>> On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote: > >>>

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread tito via Dng
On Tue, 27 Jul 2021 13:11:47 -0400 Steve Litt wrote: > tito via Dng said on Tue, 27 Jul 2021 08:26:03 +0200 > > > >Ten Commandments > > > > 1) use the least amount of code possible > > 2) try harder and go to point 1 > > 3) if the code doesn't fit into one screen go to point 2 > > 4) always

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread tito via Dng
On Tue, 27 Jul 2021 13:07:01 -0400 Steve Litt wrote: > tito via Dng said on Tue, 27 Jul 2021 08:26:03 +0200 > > > >Ten Commandments > > > > 1) use the least amount of code possible > > 2) try harder and go to point 1 > > 3) if the code doesn't fit into one screen go to point 2 > > Do you me

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread Steve Litt
Josef Grosch via Dng said on Tue, 27 Jul 2021 07:31:12 -0700 >7) Pay attention to the scope of variables and functions. LOL. When I was a lot younger and stupider, my C code enabling 40 data entry people to input data crashed once or twice a day, costing about 1/2 hour of work for each (20 hours

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread Steve Litt
Miles Fidelman said on Tue, 27 Jul 2021 09:59:49 -0400 Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 > My feeling is, that you can not simply teach someone how to write > safe software. Why not? You can teach a person to do anything else. But maybe not

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread Steve Litt
tito via Dng said on Tue, 27 Jul 2021 08:26:03 +0200 >Ten Commandments > > 1) use the least amount of code possible > 2) try harder and go to point 1 > 3) if the code doesn't fit into one screen go to point 2 > 4) always initialize your vars at declaration time > 5) always set your vars to N

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread Steve Litt
tito via Dng said on Tue, 27 Jul 2021 08:26:03 +0200 >Ten Commandments > > 1) use the least amount of code possible > 2) try harder and go to point 1 > 3) if the code doesn't fit into one screen go to point 2 Do you mean if the code OF ONE SUBROUTINE doesn't fit into one screen, go to point 2

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread Josef Grosch via Dng
On 7/26/21 11:26 PM, tito via Dng wrote: On Mon, 26 Jul 2021 22:53:02 -0400 Steve Litt wrote: Hendrik Boom said on Mon, 26 Jul 2021 17:21:24 -0400 On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote: Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 My feeling is, that you

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread Miles Fidelman
Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 My feeling is, that you can not simply teach someone how to write safe software. Why not? You can teach a person to do anything else. But maybe not in college, because college is built to make money, not to teach. Consider the average t

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-27 Thread g4sra via Dng
On Tuesday, July 27th, 2021 at 7:26 AM, tito via Dng wrote: > On Mon, 26 Jul 2021 22:53:02 -0400 > Steve Litt sl...@troubleshooters.com wrote: > > Hendrik Boom said on Mon, 26 Jul 2021 17:21:24 -0400 > > > On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote: > > > > Andreas Messer said on M

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread tito via Dng
On Mon, 26 Jul 2021 22:53:02 -0400 Steve Litt wrote: > Hendrik Boom said on Mon, 26 Jul 2021 17:21:24 -0400 > > >On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote: > >> Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 > >> > >> > >> >My feeling is, that you can not simply teac

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread Steve Litt
Hendrik Boom said on Mon, 26 Jul 2021 17:21:24 -0400 >On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote: >> Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 >> >> >> >My feeling is, that you can not simply teach someone how to write >> >safe software. >> >> Why not? You can

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread Hendrik Boom
On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote: > Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 > > > >My feeling is, that you can not simply teach someone how to write safe > >software. > > Why not? You can teach a person to do anything else. But maybe not in > college, be

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread Steve Litt
g4sra via Dng said on Mon, 26 Jul 2021 16:33:45 + >On Monday, July 26th, 2021 at 4:48 PM, Steve Litt > wrote: >> Let's start with input field cleansing and >> protection from errant pointers and buffer overflow. There are many >> more: >Yeah, that's what they taught me at college :). OK,

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread g4sra via Dng
<--snip--> > > > > > > Agreed, we must have all at least heard of Kevin Mitnick, > There you go with assumptions, something you should never do. I have > absolutely no idea who Kevin Mitnick is, I had never heard that name > until you posted it. > > Rowland It wasn't my intention to be educati

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread Rowland Penny via Dng
On Mon, 2021-07-26 at 16:33 +, g4sra via Dng wrote: > On Monday, July 26th, 2021 at 4:48 PM, Steve Litt < > sl...@troubleshooters.com> wrote: > > Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 > > > > > My feeling is, that you can not simply teach someone how to write > > > safe softwa

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread g4sra via Dng
Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Monday, July 26th, 2021 at 5:39 PM, Dr. Nikolaus Klepp wrote: > Anno domini 2021 Mon, 26 Jul 16:33:45 + > > g4sra via Dng scripsit: > > > [...] > > > > > It takes some effort to learn, but I doubt it's rocket sc

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread Dr. Nikolaus Klepp
Anno domini 2021 Mon, 26 Jul 16:33:45 + g4sra via Dng scripsit: > [...] > > It takes some effort to learn, but I doubt it's rocket science > Which is why they call it Computer Science, it's harder. > Rocket Science has a formula for everything, even the top AI experts cannot > formulate the i

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread g4sra via Dng
On Monday, July 26th, 2021 at 4:48 PM, Steve Litt wrote: > Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 > > > My feeling is, that you can not simply teach someone how to write safe > > software. > > Why not? You can teach a person to do anything else. But maybe not in > college, be

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread Steve Litt
Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200 >My feeling is, that you can not simply teach someone how to write safe >software. Why not? You can teach a person to do anything else. But maybe not in college, because college is built to make money, not to teach. Consider the average tex

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-26 Thread Andreas Messer
On Sun, Jul 25, 2021 at 07:51:50PM -0400, Steve Litt wrote: > g4sra via Dng said on Sun, 25 Jul 2021 10:26:46 + > > > >And this is why ever sice I entered the profession I have maintained > >that programmers should be vetted and certified in a similar manner to > >other professions such as do

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-25 Thread Steve Litt
g4sra via Dng said on Sun, 25 Jul 2021 10:26:46 + >And this is why ever sice I entered the profession I have maintained >that programmers should be vetted and certified in a similar manner to >other professions such as doctors and lawyers, carrying a similar >social status. Only those with th

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-25 Thread g4sra via Dng
On Sunday, July 25th, 2021 at 6:53 PM, Simon Hobson wrote: > Andreas Messer a...@bastelmap.de wrote: > > > Once we had a crash in > > simple limit switch device. As a result the high-rack robot pushed a > > pallet in 15m height out of the rack. Fortunately, it was just another > > robot which w

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-25 Thread Simon Hobson
Andreas Messer wrote: > Once we had a crash in > simple limit switch device. As a result the high-rack robot pushed a > pallet in 15m height out of the rack. Fortunately, it was just another > robot which was destroyed (stood just below) - not a human being. Still > a very expensive case for the

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-25 Thread g4sra via Dng
<--snip--> > Why I'm so critical about letting it crash: I typically deal with stack > sizes of no more around 2-8kB in automation devices and have to be careful > with that. You can't simply let a newspaper printing machine's motor control > crash, 1000's of newspaper pages would be trashed. Once

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-25 Thread Andreas Messer
On Sat, Jul 24, 2021 at 05:35:10PM +0200, Didier Kryn wrote: >     However the manual of alloca() states that "There is no error > indication if the stack  frame  cannot  be  extended." If the same would > happen with automatic variables, I would expect a crash; otherwise it > would be a serious fl

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-24 Thread Didier Kryn
Le 22/07/2021 à 20:53, Andreas Messer a écrit : > Hi, > > On Thu, Jul 22, 2021 at 07:53:58AM +0200, Didier Kryn wrote: >>     There's a choice of options in GCC to deal with stack protection. >> Eg:  -fstack-check >> >>     Plus a bunch of macros. >> >>     They all deal with allocation of automati

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-22 Thread Andreas Messer
Hi, On Thu, Jul 22, 2021 at 07:53:58AM +0200, Didier Kryn wrote: >     There's a choice of options in GCC to deal with stack protection. > Eg:  -fstack-check > >     Plus a bunch of macros. > >     They all deal with allocation of automatic variables. For alloca(), > instead, there's explicitely

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Didier Kryn
Le 21/07/2021 à 21:08, Andreas Messer a écrit : > On Wed, Jul 21, 2021 at 02:36:16PM +0200, Didier Kryn wrote: >> added (by gcc ?) to work around a missing feature of the C language: >> dynamic allocation on the stack. This lack has disapeared many years ago >> ( don't know with which version of th

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Steve Litt
Bernard Rosset via Dng said on Wed, 21 Jul 2021 18:17:43 +0200 >>     I've found a discussion between a developper and Lennart >> Poeterring in which LP recommends the addition of this kind of >> functions in Musl libc (which will certainly never happen). It's >> slightly amusing how the author o

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Andreas Messer
On Wed, Jul 21, 2021 at 02:36:16PM +0200, Didier Kryn wrote: > added (by gcc ?) to work around a missing feature of the C language: > dynamic allocation on the stack. This lack has disapeared many years ago > ( don't know with which version of the C standard) , with the following > form of allocati

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Didier Kryn
Le 21/07/2021 à 18:19, Tomasz Torcz a écrit : > On Wed, Jul 21, 2021 at 06:00:15PM +0200, Didier Kryn wrote: >> Le 21/07/2021 à 16:51, Bernard Rosset via Dng a écrit : https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ >>> I'll be projecting myself here, but I reckon shar

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Tomasz Torcz
On Wed, Jul 21, 2021 at 06:00:15PM +0200, Didier Kryn wrote: > Le 21/07/2021 à 16:51, Bernard Rosset via Dng a écrit : > >> https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ > > > > I'll be projecting myself here, but I reckon sharing the original > > source rather than journ

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Bernard Rosset via Dng
    I've found a discussion between a developper and Lennart Poeterring in which LP recommends the addition of this kind of functions in Musl libc (which will certainly never happen). It's slightly amusing how the author of such a critical software as systemd lacks a culture of security. Many t

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Didier Kryn
Le 21/07/2021 à 16:51, Bernard Rosset via Dng a écrit : >> https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ > > I'll be projecting myself here, but I reckon sharing the original > source rather than journalistic articles whenever possible is best > towards a tech-savvy audie

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Bernard Rosset via Dng
https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ I'll be projecting myself here, but I reckon sharing the original source rather than journalistic articles whenever possible is best towards a tech-savvy audience. The source (included in above article) is here: https:

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Didier Kryn
Le 21/07/2021 à 15:47, William Gallafent via Dng a écrit : > According to a man page I happen to have in front of me, “alloca() > appeared in Version 32V AT&T UNIX.” > > I've certainly seen it in use on code originally written during the > last millennium for SGI IRIX, and then ported to several ot

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread William Gallafent via Dng
On Wed, 21 Jul 2021 at 13:36, Didier Kryn wrote: > I want to add to the comments that this alloca() function has been > added (by gcc ?) to work around a missing feature of the C language: > dynamic allocation on the stack. This lack has disapeared many years ago > ( don't know with which vers

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-21 Thread Didier Kryn
Le 20/07/2021 à 22:08, Dr. Nikolaus Klepp a écrit : > Just in case sombody missed it: > > https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ > > > "Systemd, the Linux system and service manager that has largely > replaced init as the master Linux startup and control program, h

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-20 Thread Steve Litt
goli...@devuan.org said on Tue, 20 Jul 2021 16:20:33 -0500 >On 2021-07-20 15:52, Joel Roth via Dng wrote: >> On Tue, Jul 20, 2021 at 10:08:48PM +0200, Dr. Nikolaus Klepp wrote: [snip] >>> In a phrase, "that's bad, that's really bad." >> >> It seems that this is the tip of what will be be a

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-20 Thread Steve Litt
Dr. Nikolaus Klepp said on Tue, 20 Jul 2021 22:08:48 +0200 >Just in case sombody missed it: > >https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ The exploit happens by mounting something to a very long path, crashing systemd. I'd like to remind everyone that the s6 init sy

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-20 Thread golinux
On 2021-07-20 15:52, Joel Roth via Dng wrote: On Tue, Jul 20, 2021 at 10:08:48PM +0200, Dr. Nikolaus Klepp wrote: Just in case sombody missed it: https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ "Systemd, the Linux system and service manager that has largely replaced

Re: [DNG] Nasty Linux systemd security bug revealed

2021-07-20 Thread Joel Roth via Dng
On Tue, Jul 20, 2021 at 10:08:48PM +0200, Dr. Nikolaus Klepp wrote: > Just in case sombody missed it: > > https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ > > > "Systemd, the Linux system and service manager that has largely replaced init > as the master Linux startup an

[DNG] Nasty Linux systemd security bug revealed

2021-07-20 Thread Dr. Nikolaus Klepp
Just in case sombody missed it: https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ "Systemd, the Linux system and service manager that has largely replaced init as the master Linux startup and control program, has always had its critics. Now, with Qualys's discovery of a