Systemd 241 Paired With Linux 4.19+ To Enable New Regular File & FIFO Protection

  • Systemd 241 Paired With Linux 4.19+ To Enable New Regular File & FIFO Protection

    Phoronix: Systemd 241 Paired With Linux 4.19+ To Enable New Regular File & FIFO Protection

    The Linux 4.19 kernel brought the ability to disallow the opening of FIFOs and regular files not owned by the user in world-writable sticky directories in the name of security. Had this ability been around previously it could have prevented a number of CVEs going back a long time. In helping ensure this functionality gets utilized, Systemd 241 will now set these sysctl options to enable the behavior by default...

    http://www.phoronix.com/scan.php?pag...nux-419-Sysctl

  • Weasel
    replied
    Originally posted by hreindl:
    *lol* and why do you then fight against sandboxing?
    I fight against "sandbox all the apps!" bullshit. Even trusted apps. Which is retarded.

    Most of systemd doesn't qualify for that, because it's available to all processes (it's a service / daemon) and so can be exploited by untrusted apps. It's not like a library or an app that other apps don't have access to. So sandboxing it is good.

    However, I do not hate systemd because it's sandboxed, if you got the wrong idea. Pretty sure I explained a million times at least why I find it bad, sandboxing wasn't one of them.



  • Weasel
    replied
    Originally posted by hreindl:
    well, but how is this a problem for your fucking single-user machine besides "i want, i like, i don't like"
    Because it can have security vulnerabilities as evidenced in this thread. And why would it be "besides" those things?

    If someone dislikes a DE's UI, then he of course is going to complain about it, that's standard procedure. Same with systemd (or rather, some systemd components, since the init system/service manager is fine), and the problem is that they're intertwined.

    Or you are one of those people who think that having a "upvote" but not a "downvote" is how the world should behave, which is retarded (i.e. you can only say nice things or nothing at all about a specific thing). For special snowflakes who can't handle the heat.



  • mbello
    replied
    When the Debian-systemd drama was ongoing I followed it without any strong preference. Well, I did fear the move to systemd would mean that I would have to learn a lot of basics again, and in fact I feel like an amateur when I have to deal with journalctl, systemctl, etc. I am still not comfortable with the systemd ways.
    systemd also introduces many bugs that are quite irritating, especially when it breaks trivial things like name resolution 'just because' they felt like reinventing the wheel and writing systemd-resolved (or so it often seems).
    However, once you go deeper and realize the motivation to rewrite so many basic pieces and what systemd accomplishes as a whole, it is impressive.
    With systemd if I read a .service file and see that it is running as user X I am done. If it is a custom script for a random piece of software, I would not be comfortable it is doing the right thing. Also, writing .service files gets really easy while at the same time taking advantage of all security tools Linux has to offer.

    So I am sold on systemd. I think it may have some short term pain, but in the long term having a really solid init solution that requires no custom scripts is the way to go for a sane system.



  • Weasel
    replied
    Originally posted by hreindl:
    i call them idiots and since you are the one making claims such as "the Earth is flat" guess who is the idiot
    I state facts.

    e.g. systemd is shit because it's too large and intertwined with dependencies, has too many fucking components, and you can't disable/replace journald.

    This is a fact (ofc the fact that it's shit because of this fact is my opinion, suck it).



  • Weasel
    replied
    Originally posted by hreindl:
    by pretending there is something like "trusted software" which has to run without any restrictions and that you are safe by scanning downloads you have dug yourself that deep in the shit that there is no way out - you simply have no clue about IT at all and the other 3 friends of yours talking bullshit at least stop when they recognize it on their own

    you have brought no single technical fact in any thread over the last two weeks and repeatedly show that you are dumb and deaf - that's it
    tl;dr analogy: what do you call someone who makes claims such as "the Earth is flat" and accuses others of being "dumb and deaf" when they refuse to acknowledge it? hreindl

    I'm going to say this one last time: your claims have negative value, not even zero. If you want to argue with me, come up with some actual backup to them. Claims will be fully ignored. I'm not accepting shit-tier claims and no that doesn't make me deaf, it simply makes your claims of below-worthless value.



  • Weasel
    replied
    Originally posted by hreindl:
    come on, show me a good way to argue with a guy like Weasel who doesn't want to hear anything because he knows the world

    people who argue like this are dumb and you can't tell them technical facts because they are dumb and deaf
    https://www.phoronix.com/forums/foru...67#post1074667
    You seem frustrated. It's funny, since you insulted a lot more people and I wasn't even the first one in this thread, so perhaps it's not me after all, it's YOU.

    Not sure what you linked has anything to do with systemd, but ok. About that: If all you can make are shit-tier claims, I can provide equal claims as arguments, kids like you need to learn the hard way why their arguments are shit by being mirrored and frustrated. You have to understand one thing: your claims don't have zero value, but a negative value. That's worse.



  • malkavian
    replied
    Originally posted by hreindl:

    look how the haters here "argue" and it's not only here
    With insults like you both do? That's a good way of showing that you have nothing better to defend your position with. Be happy.



  • FireBurn
    replied
    Originally posted by skeevy420:

    On Antergos, SDDM quit working with 240 this morning after upgrading to linux 4.20.3 (system froze, no magic sysrq or ctrl+alt+del, when SDDM should have launched) so I downgraded systemd, systemd-sysvcompat, and libidn2 from the actual system...that didn't go so well and I ended up with libidn2 missing library errors, had to boot up a live disk, arch-chroot in, blind extract libidn2 over /usr, and managed to get pacman working enough to do a pacman -Syyu....system booted up just fine after that. All I did to fix it was fix a fucked up downgrade.

    You might get lucky doing a reinstall of systemd and systemd-sysvcompat, maybe libidn2, from a chroot.

    I've never taken one side or the other on the systemd arguments, but systemd breaking my system 3 times in 3 days is enough to make me join the anti-systemd crowd and really light that fire under my ass to finally install Gentoo.
    I'm running Gentoo, systemd 240 is running fine on my two bare metal systems, I'm only having issues with 240 on Hyper-V.



  • malkavian
    replied
    Originally posted by pal666:
    clearly devuan bastards are anti-choice since they forbid systemd
    you are an idiot. sane people do not care what packages are installed, they only care that their distro works well. when it doesn't, they change distro, not blame some random package, overloading their brains
    be smart enough to select a distro with better packagers then
    Are those words necessary? Bastards, idiot? Seems that if you don't love systemd you are a hater and an idiot. No more to talk about with you, since you won't give a fuck. Just saying: bugtemd fucked my data and it is not GNU/Linux for me, I see it as a MS Windows project maybe. For stability I prefer serious developers who take care of bugs and KISS.
