MORE SYSTEMD EXPLOITS PART II

Christian Nguyen
Christian Nguyen

SYSTEMD-JOURNALD IS VULNERABLE TO TWO MEMORY CORRUPTIONS AND ONE INFORMATION LEAK. ALL SYSTEMD LINUX SYSTEMS ARE VULNERABLE.

seclists.org/oss-sec/2019/q1/54

archive.fo/SeSiy

Attached: images.jpeg (6.89 KB, 230x219)

All urls found in this thread:

seclists.org/oss-sec/2019/q1/54
archive.fo/SeSiy
youtube.com/watch?v=CjDaaY9ceN0
en.wikipedia.org/wiki/Init
gnu.org/software/shepherd/manual/html_node/Design-decisions.html#Design-decisions
steemit.com/linux/@crokkon/firefox-and-alsa-sound-without-pulseaudio

Colton Cruz
Colton Cruz

This is why operating systems should be re-written in SPARK and formally verified.
Ada masterrace :^)

Caleb Brooks
Caleb Brooks

Eagerly awaiting the "not my problem" response.

David Perez
David Perez

That's inconceivable!

Gabriel Powell
Gabriel Powell

The Multicsfag will blame Unix for this, as if systemd would be a well-written program in any language or operating system.

Attached: Oekaki.png (13.99 KB, 500x250)

Logan Lewis
Logan Lewis

Does it have anything to do with binary logs?
:^)

Colton Taylor
Colton Taylor

It wouldn't even make sense for him to do that. Systemd is actively defiant against the Unix philosophy.

Brody Davis
Brody Davis

He's blamed Unix and its philosophy for bloated web browsers and the parts of Windows he doesn't like, so don't put it past him.

Brayden Hughes
Brayden Hughes

SystemDowns
A service manager for those with Down's.

Adrian Butler
Adrian Butler

Is systemd a security risk? I thought it made things more secure because it helped with sandboxing?

Jonathan Turner
Jonathan Turner

The Multicsfag will blame Unix for this,
I blame UNIX for this because it's a bug caused by C and UNIX that would not be possible on Multics. The bug is caused by a C macro that uses alloca to allocate on the stack with yet another lack of bounds checking. Multics uses separate stack segments with bounds checked automatically by hardware, which makes this exploit impossible. Even better, Multics can extend the stack automatically.

x86 supported bounds-checked segments since the 286 and became more similar to Multics machines since the 386, but UNIX doesn't use it (and neither does Windows) because it's not "portable" to RISCs. RISCs are designed to run C and UNIX and left out anything that would be useful to another OS like Multics. What this means is that RISCs like ARM and RISC-V are just PDP-11s with bigger address spaces. You might be surprised that I'm ultimately blaming RISCs and PDP-11s for a systemd exploit, but it's true.

as if systemd would be a well-written program in any language or operating system.
You're right about that. Systemd, like POSIX, would still suck in any language.

It's still written in C.

Web browsers are written in C and C++, both UNIX languages from AT&T. HTTP itself has misspellings because the UNIX spell checker sucks. Windows is also written in C and C++, which counteract the good engineering from VMS.

Hey. This is unix-haters, not RISC-haters.

Look, those guys at berkeley decided to optimise their
chip for C and Unix programs. It says so right in their
paper. They looked at how C programs tended to behave, and
(later) how Unix behaved, and made a chip that worked that
way. So what if it's hard to make downward lexical funargs
when you have register windows? It's a special-purpose
chip, remember?

Only then companies like Sun push their snazzy RISC
machines. To make their machines more attractive they
proudly point out "and of course it uses the great
general-purpose RISC. Why it's so general purpose that it
runs Unix and C just great!"

This, I suppose, is a variation on the usual "the way
it's done in unix is by definition the general case"
disease.

Nathaniel Bailey
Nathaniel Bailey

I appreciate your tenacity, if nothing else. I can always rely on you to dredge up unix-hating diatribes.

Dominic Thomas
Dominic Thomas

he actually responded

Attached: Oekaki.png (11.5 KB, 500x250)

James Brown
James Brown

Have you ever considered scrapbooking your mailing list quotes together and making them publicly available?

Angel Edwards
Angel Edwards

Aren't those from "The Unix-Haters Handbook"?

Blake Garcia
Blake Garcia

RISCs are designed to run C and UNIX
u wot m8
youtube.com/watch?v=CjDaaY9ceN0

Attached: Acorn-A3010.jpg (317.29 KB, 1280x964)

Aiden Powell
Aiden Powell

Multics fag is a CISC fag
How surprising. I guess it helps having "the hardware will solve all my problems" as a retort. Also, when will you admit that a decent GC (in thoughput and latency) is infinitely more complex and bloated (thus full of bug) than even gcc (not GCC)?

Kevin Rodriguez
Kevin Rodriguez

I blame UNIX for this because it's a bug caused by C and UNIX that would not be possible on Multics.
This is retarded, and you know it.
Vulns for Multics would be different, just as vulns for Windows are different than vulns for Linux, but they would still exist, especially in poorly written code.

Your security promises look exactly like those of any memelang: rust, go, jabbascript framework number infinity, they all claim to be airtight just because they don't have a few specific issues other software has.

Aaron Wood
Aaron Wood

What's your point. Acorn saw how RISC worked for UNIX and then applied that same idea to their own C based operating system.

Lucas Richardson
Lucas Richardson

why are you surprised?
the whole point of systemd was to be insecure and have many backdoors

it's obvious that a lot of code, bloat = big attack surface

Brayden Lewis
Brayden Lewis

The point is there's nothing that makes RISC designed for C or Unix. It can run any OS, any language just as well. In the 80's the C compilers sucked dick anyway. A lot of code for micros was done outright in asm. And even on Cray X-MP supercomputers (which did run Unix), people used Fortran for the best performance. Oh, and Sun used m68k before SPARC. You might as well says nonsense like CISC is designed for C/Unix. That'll make about as much sense.

Adrian Jackson
Adrian Jackson

B-BUT LIBAUDIT A-AUDITED IT FOR US

Austin Murphy
Austin Murphy

Serious question, why does every mainstream distribution use systemDicks? I know that GNOME is dependent on it, but what else?

Landon Wright
Landon Wright

You've been lied to. It's a giant program which grows every day, nobody's even exactly sure what it does. It's never been audited by security except by its vapid idiotic clueless users running it, which is hardly an audit.

Matthew Ward
Matthew Ward

booting 3 seconds faster, and something needs to make sure avahi, pulseaudio, dbus, polkit are running.

Jonathan Hernandez
Jonathan Hernandez

expecting anything written in C to be a good program
TOP KEK

Kevin Edwards
Kevin Edwards

based

Henry White
Henry White

How can we make Loonix more like that? What is the best OS that's also usable for web browsing?

Cooper Rivera
Cooper Rivera

Damn, I thought maybe multics user had just spent 20 years collecting snippets off of his mailing lists...
I'm less impressed with this shill now......

Jackson Hill
Jackson Hill

Redhat, Debian and Ubuntu more or less decide the direction the Linux world will take. Redhat has more money to shill their garbage and Debian's dev's are lazy as fuck and their system of internal governance is corrupt and often breaks it's own rules and ignores voting results they don't like. So when systemd forced down Debians throat everyone was pissed but no one did shit, especially when it became clear that after a time many things maintained by Redhat (or members of Redhat's current/former staff outside company time) would need patching to work without it and wouldn't be distributed with traditional init scripts. With both Redhat and Debian using systemd Ubuntu didn't have the clout to fight back, plus their alternative, Upstart, was pure shit.

I run a few servers with Devaun and it's a pain in the ass how many daemons don't include init scripts anymore so you need to dig up an old version and modify it's script and just hope with each update that upstream doesn't make any changes to break your script.

Nolan Jackson
Nolan Jackson

The main reason I see for the adoption is that SystemD simplifies creating and managing init scripts. Historically, init scripts are full of edge cases to verify if program A is already running, dead or needs to be started before program B. Other problem is that an automatic update can easily break them, see the link about init on wikipedia.
This simplification is with a huge cost, though. The complexity doesn't vanish, it is incorporated into SystemD itself.
In other words, SystemD reduces the work needed to be done by distro maintainers.
SystemD is a symptom of diseased system. A good OS wouldn't need such a thing.
And fuck Multics and Lisp machines, they are not the answer, just museum pieces.

en.wikipedia.org/wiki/Init

Zachary Miller
Zachary Miller

any language just as well.
Maybe if the language is like C.
They aren't from the Unix Haters Handbook. That guy is just a Ctarded UNIX weenie for thinking it's from there.

Kevin Gomez
Kevin Gomez

Cool, I use Devuan and I'm going to switch to GuixSD, after buing libre hardware. Funny thing. Few days ago I checked how big systemd actually is, compared to other init. GNU Shepherd - about 500KiB of source code, SystemDick - 40MiB. That's insane... How big is it going to be in the future? Will it grow forever? Why Poettering aren't making his own OS?

The main reason I see for the adoption is that SystemD simplifies creating and managing init scripts. Historically, init scripts are full of edge cases to verify if program A is already running, dead or needs to be started before program B.
SystemDick didn't invent dependency based service managers. It doesn't have to be so bloated for that. GNU Shepherd does the same:
gnu.org/software/shepherd/manual/html_node/Design-decisions.html#Design-decisions
I think the problem is that distro maintainers are lazy fucks, and people who donate these projects don't care about safety, nor what's the design of OS internals. What they care about is fancy UI. I don't know when GNOME became so pro systemd, but RedHat hosting it explains a lot. They poluted Debian and GNOME, and so did other distros, just because most of them are Debian based.

Does anyone know more detailed history about systemd and GNOME (New systemd hater here)? I wonder what happend with GNOME's GNU roots. Today you can't find anything about GNU on it's website, like they wanted to burry the past and software freedom.

Joshua Wright
Joshua Wright

Any sysadmin worth the title can whip up an init script for a daemon. Most of it is just adapting a generic template anyway.

Nigger, the Cray used a RISC architecture, but the 80's engineers used motherfucking Fortran when they ran their jobs on it. The Fortran compiler was written in motherfucking Pascal.

Landon Perez
Landon Perez

Stop typing in all caps. It makes you look stupid.

Jeremiah Rivera
Jeremiah Rivera

People think it's easy to use. It's not really though. In the time you have to learn all the custom ways systemd works you could've learned how linux works properly. Most distros also try to make a knockoff Windows with normie appeal. (Which Linux sucks at being anyways) I'm surprised they didn't manage yet to snake their way into the kernel.

Kevin Young
Kevin Young

It's merely just a feature, thread lock

Connor Scott
Connor Scott

why does every mainstream distribution use systemDicks?
Because it's easier for the distro maintainers, and because SystemD developers try to force distros to use their stuff.

Dominic Clark
Dominic Clark

no, just some of them are.

Easton Garcia
Easton Garcia

booting 3 seconds faster
Excuse me? You're telling me that this piece of pajeetware that boots slower than fucking windows is faster than other init systems?

Dominic Perry
Dominic Perry

not to mention the fact that SystemDick wastes minutes when shutting down because it fails to kill services properly and the default timeout is around 2 minutes per service. Also, wasn't RunIT the fastes init?

Jonathan Lewis
Jonathan Lewis

Runit is pretty fucking fast. Void Linux uses it and it easily has the fastest startup time of any distro I've tried.

Benjamin White
Benjamin White

Guess I'll give it a try on Devuan. Did anybody tried it, does it break something?

Nathan Ross
Nathan Ross

Most of all it's simple. Adding a service for it to supervise is usually one two line script. Want it to make logs? That's another two-liner.

You also get a startup file that's basically autoexec.bat. It's very easy to understand and modify.

Jaxson Young
Jaxson Young

Regardless, System D is spyware.

Carson Edwards
Carson Edwards

My mom uses it. It just debian without systemd, only think which may break is pulseaudio (just delet this if you have problems).

Angel Perez
Angel Perez

I'm surprised they didn't manage yet to snake their way into the kernel.
kdbus

Jordan Morales
Jordan Morales

How to use Firefox without pulseaudio? I was so happy with ALSA. It just werked.
Pulseaudio doesn't work very well for me. It cuts off the beginning when audio starts playing and there is white noise in the background.

John Powell
John Powell

steemit.com/linux/@crokkon/firefox-and-alsa-sound-without-pulseaudio

Kdbus wasn't included into Linux because they found a more generic way to do IPC than the Dbus way.

Nathaniel Wood
Nathaniel Wood

In other words, SystemD reduces the work needed to be done by distro maintainers.
No systemD's exists to eliminate distro maintainers. It was a power play by Red Hat to take over the Linux ecosystem and it worked. Just about every distro today is a repackaged version on Redhat/Fedora or Debian. Both lines are Red Hat's systemD.
There are a few hold outs like gentoo and Slackware but they end up just burning up man hours un-systemDing shit. They are just treading water rather then moving forward.

Red Hat wants Linux to become a big complicated mess like Solaris so they can sell those support contracts.

Jace Watson
Jace Watson

sndio, faggot.

Owen Lee
Owen Lee

sudo apt-get install apulse

that's it

Adrian Nguyen
Adrian Nguyen

how do you manage to fuck up an userland audio system in a way where there is white noise in the background constantly, lol I dont even

Leo Anderson
Leo Anderson

So this is the power of open source.... OH NNO NONONOO HAHAHAHA

Logan Jones
Logan Jones

Maybe if the language is like C.
C Derangement syndrome is real. HolyC for life.

Attached: abest.png (760.46 KB, 1046x675)

Disable AdBlock to view this page

Disable AdBlock to view this page

Confirm your age

This website may contain content of an adult nature. If you are under the age of 18, if such content offends you or if it is illegal to view such content in your community, please EXIT.

Enter Exit

About Privacy

We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our advertising and analytics partners.

Accept Exit