MORE SYSTEMD EXPLOITS PART II

SYSTEMD-JOURNALD IS VULNERABLE TO TWO MEMORY CORRUPTIONS AND ONE INFORMATION LEAK. ALL SYSTEMD LINUX SYSTEMS ARE VULNERABLE.

seclists.org/oss-sec/2019/q1/54

archive.fo/SeSiy

This is why operating systems should be re-written in SPARK and formally verified.
Ada masterrace :^)

Eagerly awaiting the "not my problem" response.

That's inconceivable!

The Multicsfag will blame Unix for this, as if systemd would be a well-written program in any language or operating system.

Does it have anything to do with binary logs?
:^)

It wouldn't even make sense for him to do that. Systemd is actively defiant against the Unix philosophy.

He's blamed Unix and its philosophy for bloated web browsers and the parts of Windows he doesn't like, so don't put it past him.

A service manager for those with Down's.

Is systemd a security risk? I thought it made things more secure because it helped with sandboxing?

I blame UNIX for this because it's a bug caused by C and UNIX that would not be possible on Multics. The bug is caused by a C macro that uses alloca to allocate on the stack with yet another lack of bounds checking. Multics uses separate stack segments with bounds checked automatically by hardware, which makes this exploit impossible. Even better, Multics can extend the stack automatically.

x86 supported bounds-checked segments since the 286 and became more similar to Multics machines since the 386, but UNIX doesn't use it (and neither does Windows) because it's not "portable" to RISCs. RISCs are designed to run C and UNIX and left out anything that would be useful to another OS like Multics. What this means is that RISCs like ARM and RISC-V are just PDP-11s with bigger address spaces. You might be surprised that I'm ultimately blaming RISCs and PDP-11s for a systemd exploit, but it's true.

You're right about that. Systemd, like POSIX, would still suck in any language.


It's still written in C.


Web browsers are written in C and C++, both UNIX languages from AT&T. HTTP itself has misspellings because the UNIX spell checker sucks. Windows is also written in C and C++, which counteract the good engineering from VMS.

Hey. This is unix-haters, not RISC-haters. Look, those guys at berkeley decided to optimise their chip for C and Unix programs. It says so right in their paper. They looked at how C programs tended to behave, and (later) how Unix behaved, and made a chip that worked that way. So what if it's hard to make downward lexical funargs when you have register windows? It's a special-purpose chip, remember? Only then companies like Sun push their snazzy RISC machines. To make their machines more attractive they proudly point out "and of course it uses the great general-purpose RISC. Why it's so general purpose that it runs Unix and C just great!" This, I suppose, is a variation on the usual "the way it's done in unix is by definition the general case" disease.

I appreciate your tenacity, if nothing else. I can always rely on you to dredge up unix-hating diatribes.

Have you ever considered scrapbooking your mailing list quotes together and making them publicly available?

Aren't those from "The Unix-Haters Handbook"?

u wot m8
youtube.com/watch?v=CjDaaY9ceN0

How surprising. I guess it helps having "the hardware will solve all my problems" as a retort. Also, when will you admit that a decent GC (in throughput and latency) is infinitely more complex and bloated (thus full of bugs) than even gcc (not GCC)?

This is retarded, and you know it.
Vulns for Multics would be different, just as vulns for Windows are different than vulns for Linux, but they would still exist, especially in poorly written code.

Your security promises look exactly like those of any memelang: rust, go, jabbascript framework number infinity, they all claim to be airtight just because they don't have a few specific issues other software has.

What's your point. Acorn saw how RISC worked for UNIX and then applied that same idea to their own C based operating system.

why are you surprised?
the whole point of systemd was to be insecure and have many backdoors

it's obvious that a lot of code, bloat = big attack surface

The point is there's nothing that makes RISC designed for C or Unix. It can run any OS, any language just as well. In the 80's the C compilers sucked dick anyway. A lot of code for micros was done outright in asm. And even on Cray X-MP supercomputers (which did run Unix), people used Fortran for the best performance. Oh, and Sun used m68k before SPARC. You might as well say nonsense like CISC is designed for C/Unix. That'll make about as much sense.

B-BUT LIBAUDIT A-AUDITED IT FOR US

Serious question, why does every mainstream distribution use systemDicks? I know that GNOME is dependent on it, but what else?

You've been lied to. It's a giant program which grows every day, nobody's even exactly sure what it does. It's never been audited by security except by its vapid idiotic clueless users running it, which is hardly an audit.

booting 3 seconds faster, and something needs to make sure avahi, pulseaudio, dbus, polkit are running.

TOP KEK

based

How can we make Loonix more like that? What is the best OS that's also usable for web browsing?

Damn, I thought maybe multics user had just spent 20 years collecting snippets off of his mailing lists...
I'm less impressed with this shill now......

Redhat, Debian and Ubuntu more or less decide the direction the Linux world will take. Redhat has more money to shill their garbage and Debian's devs are lazy as fuck and their system of internal governance is corrupt and often breaks its own rules and ignores voting results they don't like. So when systemd was forced down Debian's throat everyone was pissed but no one did shit, especially when it became clear that after a time many things maintained by Redhat (or members of Redhat's current/former staff outside company time) would need patching to work without it and wouldn't be distributed with traditional init scripts. With both Redhat and Debian using systemd Ubuntu didn't have the clout to fight back, plus their alternative, Upstart, was pure shit.

I run a few servers with Devuan and it's a pain in the ass how many daemons don't include init scripts anymore so you need to dig up an old version and modify its script and just hope with each update that upstream doesn't make any changes to break your script.

The main reason I see for the adoption is that SystemD simplifies creating and managing init scripts. Historically, init scripts are full of edge cases to verify if program A is already running, dead or needs to be started before program B. Another problem is that an automatic update can easily break them, see the link about init on wikipedia.
This simplification comes at a huge cost, though. The complexity doesn't vanish, it is incorporated into SystemD itself.
In other words, SystemD reduces the work needed to be done by distro maintainers.
SystemD is a symptom of a diseased system. A good OS wouldn't need such a thing.
And fuck Multics and Lisp machines, they are not the answer, just museum pieces.

en.wikipedia.org/wiki/Init

Maybe if the language is like C.

They aren't from the Unix Haters Handbook. That guy is just a Ctarded UNIX weenie for thinking it's from there.

Cool, I use Devuan and I'm going to switch to GuixSD, after buying libre hardware. Funny thing. A few days ago I checked how big systemd actually is, compared to other inits. GNU Shepherd - about 500KiB of source code, SystemDick - 40MiB. That's insane... How big is it going to be in the future? Will it grow forever? Why isn't Poettering making his own OS?


SystemDick didn't invent dependency based service managers. It doesn't have to be so bloated for that. GNU Shepherd does the same:
gnu.org/software/shepherd/manual/html_node/Design-decisions.html#Design-decisions
I think the problem is that distro maintainers are lazy fucks, and people who donate to these projects don't care about safety, nor what's the design of OS internals. What they care about is fancy UI. I don't know when GNOME became so pro systemd, but RedHat hosting it explains a lot. They polluted Debian and GNOME, and so did other distros, just because most of them are Debian based.

Does anyone know a more detailed history of systemd and GNOME (new systemd hater here)? I wonder what happened with GNOME's GNU roots. Today you can't find anything about GNU on its website, like they wanted to bury the past and software freedom.

Any sysadmin worth the title can whip up an init script for a daemon. Most of it is just adapting a generic template anyway.


Nigger, the Cray used a RISC architecture, but the 80's engineers used motherfucking Fortran when they ran their jobs on it. The Fortran compiler was written in motherfucking Pascal.

Stop typing in all caps. It makes you look stupid.

People think it's easy to use. It's not really though. In the time you have to learn all the custom ways systemd works you could've learned how linux works properly. Most distros also try to make a knockoff Windows with normie appeal. (Which Linux sucks at being anyways) I'm surprised they didn't manage yet to snake their way into the kernel.

It's merely just a feature, thread lock

Because it's easier for the distro maintainers, and because SystemD developers try to force distros to use their stuff.

no, just some of them are.

Excuse me? You're telling me that this piece of pajeetware that boots slower than fucking windows is faster than other init systems?

not to mention the fact that SystemDick wastes minutes when shutting down because it fails to kill services properly and the default timeout is around 2 minutes per service. Also, wasn't RunIT the fastest init?

Runit is pretty fucking fast. Void Linux uses it and it easily has the fastest startup time of any distro I've tried.

Guess I'll give it a try on Devuan. Did anybody try it, does it break something?

Most of all it's simple. Adding a service for it to supervise is usually one two line script. Want it to make logs? That's another two-liner.

You also get a startup file that's basically autoexec.bat. It's very easy to understand and modify.

Regardless, System D is spyware.

My mom uses it. It's just Debian without systemd, the only thing which may break is pulseaudio (just delet this if you have problems).

kdbus

How to use Firefox without pulseaudio? I was so happy with ALSA. It just werked.
Pulseaudio doesn't work very well for me. It cuts off the beginning when audio starts playing and there is white noise in the background.

steemit.com/linux/@crokkon/firefox-and-alsa-sound-without-pulseaudio


Kdbus wasn't included into Linux because they found a more generic way to do IPC than the Dbus way.

No, systemD exists to eliminate distro maintainers. It was a power play by Red Hat to take over the Linux ecosystem and it worked. Just about every distro today is a repackaged version of Redhat/Fedora or Debian. Both lines are Red Hat's systemD.
There are a few holdouts like Gentoo and Slackware but they end up just burning up man hours un-systemDing shit. They are just treading water rather than moving forward.

Red Hat wants Linux to become a big complicated mess like Solaris so they can sell those support contracts.

sndio, faggot.

sudo apt-get install apulse

that's it

how do you manage to fuck up a userland audio system in a way where there is white noise in the background constantly, lol I don't even

So this is the power of open source.... OH NNO NONONOO HAHAHAHA

C Derangement syndrome is real. HolyC for life.

Just wait, all systemdick infections will start to hang like windows vista... and then worse. And worse after that.

Lots of corporate systems randomly freezing. And people won't even know if it's because the code is shit, or someone exfiltrating your data is making the system hang.

I'd say poopering and red-fat shot themselves in the foot, but it's more like they shot themselves in the D.

No, there's slightly more you have to do.
You have to "whitelist" /dev/dsp or whatever in about:config.

All according to plan to destroy OSS.
systemd, loss of grsecurity (blatant violation of the GPL), kicking out of all non-wage slaves from linux-kernel via CoC (and other projects).

FOSS is dead.

Bug class from infinite years ago again comes back to haunt.

Don't forget Devuan

SysV without starting 1000 useless services is faster than systemd.

Standard response is
Later:

Why does every mainstream distro value do-nothing #debian-women over the men who actually do the work (for free!), and kick out the men (see the debian japanese guy that just got "demoted").

Honestly, the disrespected maintainers and programmers should torture and murder the people "demoting" them.

That's what black men do.
That's what men do.

Cut off their fingers so they cannot "demote" the JP samauri.
Then burn them alive on a wheel.

See the following (and the rest of the document, if you're going to use apulse): github.com/i-rinat/apulse#firefox-58-tabs-crashing-when-trying-to-play-audio
Also, if you're JACKed up, Firefox is supposed to work with it consistently since some time last year. The bug tracker says version 60. Haven't had JACK and Firefox on the same machine since then though. I'd be curious to know how well they pair together now.

They'll support JACK but not regular ALSA (which everything actually runs on anyway)

Fucking faggots
(Why would anyone use pulse over jack...)

That guy's face, and those glasses, are imprinted into Linux. And it's pathetic.

Now fixed in v241
github.com/systemd/systemd/blob/master/NEWS

I want to fuck that little smug twink until his asshole bleeds!

...

From the latest (2017) edition of "The Unix and Linux System Administrator's Handbook".
btw they also portray UEFI and GRUB2 as waaaay better than their predecessors

Attached: systemd.png (475x358, 66.79K)

GRUB2 is what made me switch to syslinux. GRUB's config was simple, GRUB2 makes it a mess that might be worth it if you have 30 OSs installed but for one or two it's not worth it.

It's like seeing a modern Russian arguing about how Communism was better than Imperial rule.

Is there even a reason not to keep using GRUB 0.97 if you don't explicitly need bootloader functionality which goes beyond what it offers?

You can install 30 or more OSes with the old GRUB without issue if you know what you're doing (i.e. if you have at least rudimentary knowledge about partitioning, file systems, and boot loaders involved in the OSes you install).

Can someone tell me why Torvalds didn't write his own bootloader for linux?

efi can boot it so you don't even need a bootloader anymore. might not be compiled with support for that if you use a distro kernel

Because GNU/Linux is the operating system, and linux is just a kernel.

There's still people believing Linus Torvalds being directly involved in anything but the kernel?

You guys forget git.

But in '92 or whenever, EFI didn't exist, so a bootloader was necessary. I mean it would've been only 512 bytes that he would've had to write by hand. Why didn't he is what I am wanting to know.

Using JACK with Firefox in CloverOS/Gentoo (emerge -g rather than -G). Works just fine.

I'll just leave this here:
invidio.us/watch?v=4JbDb4bRBK4

The firmware's job should be to find the physical boot device and bootstrap its sector 0 code. Finding filesystems or even kernels to boot should be none of its business, this is actually systemd-like feature creep.

OK. Thanks for the video, but how does it have anything to do with Torvalds not writing a bootloader for linux?

I understand how Basic Input/Output System works. I am asking about why Torvalds didn't write his own bootloader. That's all I want to know about.

What's wrong with this? Simplicity breeds creativity and Terry Davis's TempleOS is proof of this. To this day x86 and all sorts of Mega-computer bullshit like the burroughs machines and the CRAY sludge still live while GOOD processors like the m68k and the classic ARM processors are thrown out due to the IBM disease.
Computing peaked at the Amiga, Sparcstations, SGI machines, and the Classic-PowerPC Apple boxes.
Bring me the 64 bit PIC and you'll bring me the Light.

Because PDP's weren't RISC anyways.

So are you pro-RISC or are you anti-RISC?
In my opinion it doesn't matter. The m68k had combined load-store instructions so it's technically a CISC but it was so small and nice that it's fantastic to work with. Compare that to modern x86, which feels like it needs to add another processor built into the main processor to run MINIX. (I know this will piss you off)

RISC architecture didn't exist until after the PDP's. That's my point.

Right so now Linus has the kernel, systemd and git in his operating system. Congratulations!
Or Poettering has linux and git inside systemd operating system.

Because it ignores 60 years of working solutions. RISCs resemble the PDP-11 because they're designed for C and UNIX. Lisp machine hardware and Multics hardware would make a lot of programs much faster and solutions much simpler.

RISCs like POWER are not simple. RISCs are anti-creativity because they all look the same. 32 registers, load store, separate FP "coprocessor" design, PDP-11 memory model, 32-bit instructions now with 16/32-bit "compressed" instructions. What sucks about RISC assembly vs x86 or another CISC is how many instructions it needs to do anything and how much memory those take up.

The 286 and 386 were good designs (given their requirement for 8086 compatibility) and most of the ugliness and bloat in x86 came from SIMD registers, which is a RISC idea. The CISC equivalent to SIMD is vector registers, from the CRAY that you don't like.
homepages.inf.ed.ac.uk/cgi/rni/comp-arch.pl?Vect/cray1.html,Vect/cray1-cpu.gif,Vect/menu-cr1.html

Burroughs machines are a very elegant and powerful design and one of the forerunners to Lisp machines. CRAY is vector registers done right, but Intel was copying RISCs instead, so they're stuck reinventing SIMD wheels over and over again.
en.wikipedia.org/wiki/Burroughs_large_systems

Motorola and Apple replaced 68K with PowerPC. Classic ARM was thrown out because it's not RISC enough.

"RISC is to hardware what the UNIX operating system [sic] is to software." Subject: Wait, I thought RISC was a *good* idea No, the quote is exactly right. RISC is a lazy solution along the lines of "well, we don't know how to write compilers that use complex instructions efficiently, and we don't know how to design complex hardware that runs fast, so we'll make everything simple, and we can advertise we run at 80Mhz even though the system supports fewer users than a 1MIP DEC-20." It's exactly analogous to "you can use pipes and redirection shell scripts to do anything, so we don't have to write any REAL programs" and "portability is more important than usability" philosophies so rampant in the unix world. (Was I properly vitriolic this time?)

I disagree.

Don't ever change, Zig Forums.

It still doesn't explain why Torvalds didn't write his own bootloader so it still doesn't apply no matter how you try to spin it.

< What's "scope creep", daddy?
< Why doesn't linux handle init, too?

You're neat.

What are you trying to say? That Linux should be it's own bootloader and have its own init system? It definitely should have its own bootloader and init system so we can avoid shit like systemd and grub2. Fuck. Free software is for faggots.

< Linux should become more like systemd in order to avoid systemd from existing.

I guess this thread is over, lads.

Not anywhere close what I am discussing. How about you shove a broomstick through up your ass? Maybe you will scratch your brain and have an actual thought. I know you are faggot and will enjoy it either way.

Why stop with the bootloader. Let's put a DNS lookup service in the kernel! Oh and a webserver for remote administration! Why yes, I do love javascript and rust, why do you ask?

or use a different distro or operating system that does not use potterware or grub2
back to windows already? :^)

Because Linux was never intended to be an operating system, but just a kernel. GNU was, but it was lacking a kernel, so they started developing the Hurd, but Torvalds was kind enough to free linux.
Read this and everything will become clear.
gnu.org/gnu/gnu-history.html

A NEW EXPLOIT: SYSTEMDICK PID 1 CAN BE SEGFAULTED WITH A "SPECIALLY" CRAFTED D-BUS MESSAGE
archive.fo/qhgoZ
seclists.org/oss-sec/2019/q1/140