New SystemD Vulnerability Discovered 28 October 2018, 03:18:23 https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/ (nice title)https://news.slashdot.org/story/18/10/27/196227/new-systemd-vulnerability-discoveredWhat worries me is how silly the buffer length has been treated ...from if (*buflen < len)to if (*buflen < offsetof(DHCP6Option, data) + len)This isn't about init system and unix philosophy, it's plain bad
Re: New SystemD Vulnerability Discovered Reply #1 – 29 October 2018, 19:57:58 Systemd is not only init for a very long time.Systemd is slowly swallowing things around it which are on boundary between kernel and user programs, or are just often used services, or must have things which does not belong to kernel....In this way making systemd some kind of a system which you will use to do anything.With this mindset and philosophy, How can it be safe and stable ?Also keep in mind that problems will become more and more complex.
Re: New SystemD Vulnerability Discovered Reply #2 – 29 October 2018, 21:36:16 The systemd-networkd code is horrifically bad. There's that blog post rant that's been going around, and I agree with the author although the assert_return macro doesn't really bother me as much (it's just a misleading name). The silver lining here is that not even systemd users use systemd-networkd, but it still doesn't change the fact that the design is flat out horrible.
Re: New SystemD Vulnerability Discovered Reply #3 – 29 October 2018, 21:54:45 SystemD is perfect example of "How to not do it". 1 Likes
Re: New SystemD Vulnerability Discovered Reply #4 – 30 October 2018, 05:44:32 Quote from: Sero – on 28 October 2018, 03:18:23https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/ (nice title)https://news.slashdot.org/story/18/10/27/196227/new-systemd-vulnerability-discoveredWhat worries me is how silly the buffer length has been treated ...from if (*buflen < len)to if (*buflen < offsetof(DHCP6Option, data) + len)This isn't about init system and unix philosophy, it's plain badto me this code looks totally confused, assume len is an unsigned int or unsigned small int.. why does it not trigguer an error with the compiler.
Re: New SystemD Vulnerability Discovered Reply #5 – 30 October 2018, 15:02:11 Does this affect artix as i use startx ?
Re: New SystemD Vulnerability Discovered Reply #6 – 30 October 2018, 16:00:03 Quote from: Seventh – on 30 October 2018, 15:02:11Does this affect artix as i use startx ?Artix is non-systemd, so it should be a non-issue here.Best regards. 1 Likes
Topic: New SystemD Vulnerability Discovered (Read 1835 times)
previous topic - next topic
Topic: New SystemD Vulnerability Discovered (Read 1835 times)
previous topic - next topic