Systemd 241 Being Prepared With "System Down" Security Fixes


  • #31
    i wonder whether clear linux makes use of gcc stack clash protection



    • #32
      Originally posted by R41N3R View Post
      Probably Arch Linux doesn't use GCC's stack clash protection, so good to know that there will be the 241 release soon!
      it's good to know that it's not safe to use arch linux then



      • #33
        Originally posted by caligula View Post
        C programmers will still argue that billion dollar bugs every now and then are way better than wasting 4 bytes worth of space for every array.
        array sizes are 8 bytes on 64 bit platforms. nevertheless it will more than pay for itself by avoiding first loop of strlen calls to compute required buffer size. there is no reason to not use c++ in 2019. gcc switched to c++, gdb switched to c++, systemd should switch too

        i've recently looked at sources of one c90 library. it had 3 strlens of same string in 5 lines of code.
        Last edited by pal666; 13 January 2019, 04:38 PM.



        • #34
          Originally posted by jpg44 View Post
          why not a normal user, with an apparmor profile by default?
          because real distros (ones which are not vulnerable to subj) use selinux



          • #35
            Originally posted by hussam View Post
            Hypothetically speaking, how would one store a length property in a C array anyway?
            like everyone else: struct of length and pointer



            • #36
              Originally posted by hreindl View Post

              there is a minor number of people which are not capable to learn something new and got triggered when they read systemd and write loud comments how bad it is while the majority is just using it or don't care at all about what is running as PID1

              if someone is braindead you can explain what you like and he will not realize that it's not a large binary nor will he realize the benefits of cgroups and namespaces or even that all the boilerplate code which exists in the sysvscripts in thousands of incarnations with redundancy and different bugs across distributions and in many cases just works by luck

              on a technical point you better discuss with a stone than with lowbrainers which fear when their partly understood script mess is going away they are rendered as obsolete too and the biggest idiots argue that unit files are windows-like and in that case even the stone is smarter

              In some cases, that "just works by luck" doesn't apply. There was a time long ago, before SystemD was a thing, where Linux Mint 15 would not even boot on my computer, because of some init scripts that locked up the system (not sure why, I don't even have that computer anymore so I can't check), but I can tell you that Linux Mint 16 fixed it....



              • #37
                Originally posted by jpg44 View Post
                Perhaps, throw the length and the array pointer into a struct, and pass the struct pointer around?
                recommendation is to pass objects of such size (two pointers) by value



                • #38
                  Originally posted by caligula View Post
                  Java does this and I can tell you it's not really that slow.
                  for some people php is not that slow



                  • #39
                    Originally posted by cybertraveler View Post
                    I personally don't think there is anything intrinsically wrong with using it.
                    try using it in a loop. or in inline function which is called in a loop. or in inline function which is called by an inline function which is called in a loop. you get the idea.
                    also even its manpage lists intrinsic bugs: no error indication and funny results when called between arguments of other function call
                    Originally posted by cybertraveler View Post
                    I think the most important thing is that C programmers know exactly what alloca() is and what the dangers are.
                    there are no reasons to use alloca
                    Originally posted by cybertraveler View Post
                    Just be aware of the dangers, exercise additional caution when using them and share your wisdom about these things with your fellow man.
                    what caution should you exercise with function which will not signal error when it had no stack left?
                    Last edited by pal666; 13 January 2019, 04:31 PM.

                    Comment
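An added example, not part of any post in this thread: C that combines the length-plus-pointer struct passed by value (posts #35 and #37) with a bounded replacement for alloca() that reports failure, the gap post #39 points at. The names `str_view`, `sv_to_long`, `STACK_MAX` and `INPUT_MAX`, and the limits themselves, are hypothetical and chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length travels with the pointer; two words, cheap to pass by value. */
typedef struct { const char *ptr; size_t len; } str_view;

#define STACK_MAX 64          /* assumed cap for the on-stack fast path */
#define INPUT_MAX (1u << 20)  /* assumed hard cap on accepted input */
enum { SV_OK = 0, SV_EINVAL = -1, SV_ETOOBIG = -2, SV_ENOMEM = -3 };

/* Parse a decimal long from a slice that is not NUL-terminated.
 * strtol() needs a terminated copy; alloca(v.len + 1) here would move the
 * stack pointer by a caller-chosen amount with no way to detect failure. */
int sv_to_long(str_view v, long *out)
{
    char small[STACK_MAX];
    char *tmp = small, *end;
    int rc = SV_OK;

    if (v.len == 0) return SV_EINVAL;
    if (v.len > INPUT_MAX) return SV_ETOOBIG;  /* reject before allocating */
    if (v.len >= sizeof small) {               /* too big for the stack */
        tmp = malloc(v.len + 1);
        if (tmp == NULL) return SV_ENOMEM;     /* the error alloca() cannot report */
    }
    memcpy(tmp, v.ptr, v.len);                 /* length is known: no strlen */
    tmp[v.len] = '\0';

    errno = 0;
    long val = strtol(tmp, &end, 10);
    if (errno != 0 || end != tmp + v.len)
        rc = SV_EINVAL;                        /* overflow, junk or embedded NUL */
    else
        *out = val;

    if (tmp != small) free(tmp);
    return rc;
}

int main(void)
{
    const char line[] = "PID=4242;";           /* constructed sample input */
    long pid = 0;
    int rc = sv_to_long((str_view){ line + 4, 4 }, &pid);
    printf("rc=%d pid=%ld\n", rc, pid);
    return rc;
}
```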


                    • #40
                      Originally posted by SystemCrasher View Post
                      These days there're plenty of use cases where few extra bytes here and there turn into gigabytes when put at scale.
                      surely in those cases few strlens here and there are much worse

