Announcement

Collapse
No announcement yet.

CVE-2017-9445: systemd Hit By New Security Vulnerability

Collapse
X
Collapse
 
  • Page of 9
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 6 7 8 9 template Next
  • #41
    but y'know, that's already not "systemd", so it already loses most of its emotional impact.
    It still has systemd in the name, so I disagree.

    Comment

    • #42
      Originally posted by DanL View Post
      FFS, it's not clickbait, unless you want to assume that Michael is evil. systemd-resolved may not be what most people think of when they hear systemd, but it's still got systemd in the name and it's still part of that umbrella. Even if Michael had explicitly stated systemd-resolved was the culprit, it wouldn't change much. People would still click on the article, systemd fans/haters would still crawl out of the woodwork, and uid313 would still campaign for the entire Linux ecosystem to be rewritten in Rust.
      It is a clickbait and trolling coming from Michael. He does this from time to time and it's a fact.
      • Likes 2

      Comment

      • #43
        Originally posted by pal666 View Post
        to all languages without thoughts on backwards compatibility. all "modern" widely uses languages had some huge corporation to push it. and btw there exists modern version of c, it is called c++17
        Oh really? Go to the Linux mailing list and go tell Linus to re-write the kernel in C++17 and see what he says about C++.

        Comment

        • #44
          I patched it on my Fedora system yesterday by installing from Koji. Ho hum.

          Comment

          • #45
            Originally posted by Pawlerson View Post

            It is a clickbait and trolling coming from Michael. He does this from time to time and it's a fact.
            By default, every page view serves more of his seizure inducing ads so click bait is to be expected.
            • Likes 1

            Comment

            • #46

              Oh really? Go to the Linux mailing list and go tell Linus to re-write the kernel in C++17 and see what he says about C++.
              And he could answer that he happily co-writes his Subsurface program using C++ (and Qt).

              Qt objects do the bounds checking, etc.
              Last edited by Nth_man; 29 June 2017, 03:21 AM.
              • Likes 1

              Comment

              • #47
                Originally posted by sdack View Post
                Aaaaaand you got baited. I'm anything but a systemd fanboy. I don't like systemd, but I can live with it. Sad to see you couldn't read my comment as innocent as it was. How will this end? ...
                Baited? Methinks someone is projecting a tad too hard seeing how that post was rather heavily tongue-in-cheek.

                Originally posted by pal666 View Post
                classic imbecile who after all those years still can't understand that systemd-resolved is not systemd
                It's not like that actually matters with the way one is rather heavily dependent on the other.
                Last edited by L_A_G; 29 June 2017, 03:23 AM.
                • Likes 1

                Comment

                • #48
                  Originally posted by AsuMagic View Post

                  Have you just opened a random wikipedia page, Ctrl+F'd "criticism" and copy paste it over the forum?
                  No. It just happens to relate to the article and being cited in Wikipedia gives it some notability compared to some random stackexchange post explaining the issue.

                  Comment

                  • #49
                    Originally posted by Pajn View Post

                    Languages that uses a VM or doesn't interface well with C does not work for these kinds of things though. Rust does and most of systemd is new enough so there is no excuse for delivering software this broken.

                    The thing is, it's not even marginally. It's drastically better. Nearly all security bugs is due to bad languages and/or bad frameworks.
                    For instance the problem of bounds checking does not require a VM, see https://www.cs.bu.edu/~hwxi/academic/papers/pldi98.pdf

                    Comment

                    • #50
                      It's incredibly disingenuous articles like this that morally prevent me from obtaining another subscription to Phoronix.
                      You know it's a soft topic, choose your words more carefully. From a first perspective, even I thought it was a vulnerability that crashed the systemd daemon, not systemd-resolve. There's a clear difference there. I know you're not stupid and I'm quite aware that you made the article for click bait.

                      Michael
                      • Likes 3

                      Comment

                      Previous 1 2 3 4 5 6 7 8 9 template Next
                      Working...
                      X