SYSTEMD-JOURNALD IS VULNERABLE TO TWO MEMORY CORRUPTIONS AND ONE INFORMATION LEAK. ALL SYSTEMD LINUX SYSTEMS ARE VULNERABLE.
MORE SYSTEMD EXPLOITS PART II
This is why operating systems should be re-written in SPARK and formally verified.
Ada masterrace :^)
Eagerly awaiting the "not my problem" response.
The Multicsfag will blame Unix for this, as if systemd would be a well-written program in any language or operating system.
Does it have anything to do with binary logs?
It wouldn't even make sense for him to do that. Systemd is actively defiant against the Unix philosophy.
He's blamed Unix and its philosophy for bloated web browsers and the parts of Windows he doesn't like, so don't put it past him.
A service manager for those with Down's.
Is systemd a security risk? I thought it made things more secure because it helped with sandboxing?
The Multicsfag will blame Unix for this,
I blame UNIX for this because it's a bug caused by C and UNIX that would not be possible on Multics. The bug is caused by a C macro that uses alloca to allocate on the stack with yet another lack of bounds checking. Multics uses separate stack segments with bounds checked automatically by hardware, which makes this exploit impossible. Even better, Multics can extend the stack automatically.
x86 supported bounds-checked segments since the 286 and became more similar to Multics machines since the 386, but UNIX doesn't use it (and neither does Windows) because it's not "portable" to RISCs. RISCs are designed to run C and UNIX and left out anything that would be useful to another OS like Multics. What this means is that RISCs like ARM and RISC-V are just PDP-11s with bigger address spaces. You might be surprised that I'm ultimately blaming RISCs and PDP-11s for a systemd exploit, but it's true.
as if systemd would be a well-written program in any language or operating system.
You're right about that. Systemd, like POSIX, would still suck in any language.
It's still written in C.
Web browsers are written in C and C++, both UNIX languages from AT&T. HTTP itself has misspellings because the UNIX spell checker sucks. Windows is also written in C and C++, which counteract the good engineering from VMS.
Hey. This is unix-haters, not RISC-haters.
Look, those guys at berkeley decided to optimise their
chip for C and Unix programs. It says so right in their
paper. They looked at how C programs tended to behave, and
(later) how Unix behaved, and made a chip that worked that
way. So what if it's hard to make downward lexical funargs
when you have register windows? It's a special-purpose
Only then companies like Sun push their snazzy RISC
machines. To make their machines more attractive they
proudly point out "and of course it uses the great
general-purpose RISC. Why it's so general purpose that it
runs Unix and C just great!"
This, I suppose, is a variation on the usual "the way
it's done in unix is by definition the general case"
I appreciate your tenacity, if nothing else. I can always rely on you to dredge up unix-hating diatribes.
he actually responded
Have you ever considered scrapbooking your mailing list quotes together and making them publicly available?
Aren't those from "The Unix-Haters Handbook"?
RISCs are designed to run C and UNIX
u wot m8
Multics fag is a CISC fag
How surprising. I guess it helps having "the hardware will solve all my problems" as a retort. Also, when will you admit that a decent GC (in thoughput and latency) is infinitely more complex and bloated (thus full of bug) than even gcc (not GCC)?
I blame UNIX for this because it's a bug caused by C and UNIX that would not be possible on Multics.
This is retarded, and you know it.
Vulns for Multics would be different, just as vulns for Windows are different than vulns for Linux, but they would still exist, especially in poorly written code.
Your security promises look exactly like those of any memelang: rust, go, jabbascript framework number infinity, they all claim to be airtight just because they don't have a few specific issues other software has.
What's your point. Acorn saw how RISC worked for UNIX and then applied that same idea to their own C based operating system.
why are you surprised?
the whole point of systemd was to be insecure and have many backdoors
it's obvious that a lot of code, bloat = big attack surface
The point is there's nothing that makes RISC designed for C or Unix. It can run any OS, any language just as well. In the 80's the C compilers sucked dick anyway. A lot of code for micros was done outright in asm. And even on Cray X-MP supercomputers (which did run Unix), people used Fortran for the best performance. Oh, and Sun used m68k before SPARC. You might as well says nonsense like CISC is designed for C/Unix. That'll make about as much sense.
B-BUT LIBAUDIT A-AUDITED IT FOR US
Serious question, why does every mainstream distribution use systemDicks? I know that GNOME is dependent on it, but what else?
You've been lied to. It's a giant program which grows every day, nobody's even exactly sure what it does. It's never been audited by security except by its vapid idiotic clueless users running it, which is hardly an audit.
booting 3 seconds faster, and something needs to make sure avahi, pulseaudio, dbus, polkit are running.
expecting anything written in C to be a good program
How can we make Loonix more like that? What is the best OS that's also usable for web browsing?
Damn, I thought maybe multics user had just spent 20 years collecting snippets off of his mailing lists...
I'm less impressed with this shill now......
Redhat, Debian and Ubuntu more or less decide the direction the Linux world will take. Redhat has more money to shill their garbage and Debian's dev's are lazy as fuck and their system of internal governance is corrupt and often breaks it's own rules and ignores voting results they don't like. So when systemd forced down Debians throat everyone was pissed but no one did shit, especially when it became clear that after a time many things maintained by Redhat (or members of Redhat's current/former staff outside company time) would need patching to work without it and wouldn't be distributed with traditional init scripts. With both Redhat and Debian using systemd Ubuntu didn't have the clout to fight back, plus their alternative, Upstart, was pure shit.
I run a few servers with Devaun and it's a pain in the ass how many daemons don't include init scripts anymore so you need to dig up an old version and modify it's script and just hope with each update that upstream doesn't make any changes to break your script.
The main reason I see for the adoption is that SystemD simplifies creating and managing init scripts. Historically, init scripts are full of edge cases to verify if program A is already running, dead or needs to be started before program B. Other problem is that an automatic update can easily break them, see the link about init on wikipedia.
This simplification is with a huge cost, though. The complexity doesn't vanish, it is incorporated into SystemD itself.
In other words, SystemD reduces the work needed to be done by distro maintainers.
SystemD is a symptom of diseased system. A good OS wouldn't need such a thing.
And fuck Multics and Lisp machines, they are not the answer, just museum pieces.
any language just as well.
Maybe if the language is like C.
They aren't from the Unix Haters Handbook. That guy is just a Ctarded UNIX weenie for thinking it's from there.
Cool, I use Devuan and I'm going to switch to GuixSD, after buing libre hardware. Funny thing. Few days ago I checked how big systemd actually is, compared to other init. GNU Shepherd - about 500KiB of source code, SystemDick - 40MiB. That's insane... How big is it going to be in the future? Will it grow forever? Why Poettering aren't making his own OS?
The main reason I see for the adoption is that SystemD simplifies creating and managing init scripts. Historically, init scripts are full of edge cases to verify if program A is already running, dead or needs to be started before program B.
SystemDick didn't invent dependency based service managers. It doesn't have to be so bloated for that. GNU Shepherd does the same:
I think the problem is that distro maintainers are lazy fucks, and people who donate these projects don't care about safety, nor what's the design of OS internals. What they care about is fancy UI. I don't know when GNOME became so pro systemd, but RedHat hosting it explains a lot. They poluted Debian and GNOME, and so did other distros, just because most of them are Debian based.
Does anyone know more detailed history about systemd and GNOME (New systemd hater here)? I wonder what happend with GNOME's GNU roots. Today you can't find anything about GNU on it's website, like they wanted to burry the past and software freedom.
Any sysadmin worth the title can whip up an init script for a daemon. Most of it is just adapting a generic template anyway.
Nigger, the Cray used a RISC architecture, but the 80's engineers used motherfucking Fortran when they ran their jobs on it. The Fortran compiler was written in motherfucking Pascal.
Stop typing in all caps. It makes you look stupid.
People think it's easy to use. It's not really though. In the time you have to learn all the custom ways systemd works you could've learned how linux works properly. Most distros also try to make a knockoff Windows with normie appeal. (Which Linux sucks at being anyways) I'm surprised they didn't manage yet to snake their way into the kernel.
It's merely just a feature, thread lock
why does every mainstream distribution use systemDicks?
Because it's easier for the distro maintainers, and because SystemD developers try to force distros to use their stuff.
no, just some of them are.
booting 3 seconds faster
Excuse me? You're telling me that this piece of pajeetware that boots slower than fucking windows is faster than other init systems?
not to mention the fact that SystemDick wastes minutes when shutting down because it fails to kill services properly and the default timeout is around 2 minutes per service. Also, wasn't RunIT the fastes init?
Runit is pretty fucking fast. Void Linux uses it and it easily has the fastest startup time of any distro I've tried.
Guess I'll give it a try on Devuan. Did anybody tried it, does it break something?
Most of all it's simple. Adding a service for it to supervise is usually one two line script. Want it to make logs? That's another two-liner.
You also get a startup file that's basically autoexec.bat. It's very easy to understand and modify.
Regardless, System D is spyware.
My mom uses it. It just debian without systemd, only think which may break is pulseaudio (just delet this if you have problems).
I'm surprised they didn't manage yet to snake their way into the kernel.
How to use Firefox without pulseaudio? I was so happy with ALSA. It just werked.
Pulseaudio doesn't work very well for me. It cuts off the beginning when audio starts playing and there is white noise in the background.
Kdbus wasn't included into Linux because they found a more generic way to do IPC than the Dbus way.
In other words, SystemD reduces the work needed to be done by distro maintainers.
No systemD's exists to eliminate distro maintainers. It was a power play by Red Hat to take over the Linux ecosystem and it worked. Just about every distro today is a repackaged version on Redhat/Fedora or Debian. Both lines are Red Hat's systemD.
There are a few hold outs like gentoo and Slackware but they end up just burning up man hours un-systemDing shit. They are just treading water rather then moving forward.
Red Hat wants Linux to become a big complicated mess like Solaris so they can sell those support contracts.
sudo apt-get install apulse
how do you manage to fuck up an userland audio system in a way where there is white noise in the background constantly, lol I dont even
So this is the power of open source.... OH NNO NONONOO HAHAHAHA
Maybe if the language is like C.
C Derangement syndrome is real. HolyC for life.