Tweet
Originally posted by aht0
View Post
-
You're assuming active malice though. It's far more likely that they fixed what they thought was a DoS, failing to recognise that the bug was much worse than that. -
Hi Signals & Yall,
there are a bunch of toxic troll hereabouts - tiz masive pity indeed. As you would know, in the earlier days, they were fewer and there was a tad more peeps helping peeps happening. Well, that is my recollection in the late 90's on SuSE forums.
Have you considered FreeBSD, for a more Unix environment? It maybe a tad more secure also, compared to Windows. But on the other hand, CBF fixing broken stuff & why doesn't this #hit just work.... About then I take a holiday & play games in Windows..... :-p
All the best.
GreekGeek :-)
Comment
-
Only to those who equate “macros” with the C/C++ preprocessor.Originally posted by pal666 View Post
Look at Lisp for a language which does macros nicely, even elegantly.Comment
-
Hands up all those who have actually used a system with this vulnerability ...
.
.
.
(crickets)
.
.
.Comment
-
I remember late 90s SuSE and mandrake. The difference between now and then is that the Linux user base grew quickly along with the internet. People right now would rather discuss/comment on forums instead of file bug reports upstream. It is one of the reasons bugs don't get fixed as fast as they should.Originally posted by GreekGeek View Post
I see a lot of "did they fix so and so?" when news of new software shows on phoronix and I wonder if developers even know of those bugs. Did someone even bother reporting those bugs?
Comment
-
Let me rephrase that to make it more clear:Originally posted by pal666 View Post
For example, looking at the SuSE bug thread, it looks like the issue was passing incorrect mode bits to open(), so...Given that one of the common complaints about systemd is that it unnecessarily bundles too much functionality together into the one process which could take down the system if it fails, this makes me wonder if this trend of not bothering to isolate risk led to or exacerbated this problem.
Could this systemd timers thing have been implemented in such a way that setuid wasn't a risk to begin with or the exploitability of accidentally generating a setuid file was greatly reduced or eliminated.
1. Why the heck does it have a umask() set that allows file creation with suid and execute set in the first place?
2. Why are those files being created root-owned, rather than as some minimally-privileged user?Comment
-
-
Not even Linux itself is often Linux-compatible..Originally posted by starshipeleven View PostComment
-
signals But why Windows when you can just use a non-systemd distro? For example, just install Arch and a non-GNOME DE or even a WM and you won't have systemd. It's *that* simple. And if there's other parts you don't like, just build your own thing from scratch using Arch or Gentoo or LFS or whatever. The freedom from the 90's is still here.
Don't see this as a Windows-hate post or anything, I'm just wondering why you just didn't set up a distro without systemd instead.Comment
Comment