Announcement

Collapse
No announcement yet.

Systemd 251-rc1 Released With Experimental systemd-sysupdate Tool

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #41
    Originally posted by mSparks View Post

    Good grief no. Making a bad idea optional doesn't make it a good idea.

    It just makes it an optional bad idea.
    You argued earlier it wasn't optional and now you are readily conceding that it is optional, that is good progress. You have yet to demonstrate what makes only updating integrity checked and signed updates if it is specifically configured to do so a bad idea
    Last edited by RahulSundaram; 03 April 2022, 04:55 PM.

    Comment


    • #42
      Originally posted by mSparks View Post
      You and the op completely fail to justify WHY systemd or its users need this "feature", and last time I checked Remote Code Execution was "considered harmful". Absolute JOKE you think its up to me to prove an RCE feature is not harmful.
      One more thing worth pointing out here: Remote code execution or arbitrary code execution is a very specific type of security vulnerability that requires a clear demonstration of the ability to run arbitrary code in the first place. Integrity checked and signed updates such as the ones used by systemd are very common in millions of systems and do not fall under this category by definition. So yes it is definitely up to you prove the ability to run arbitrary code first before you aggressively spread misinformation by calling something an RCE.

      Comment


      • #43
        Originally posted by RahulSundaram View Post

        You argued earlier it wasn't optional and now you are readily conceding that it is optional, that is good progress.
        I never made any such argument.

        Originally posted by RahulSundaram View Post
        You have yet to demonstrate what makes only updating integrity checked and signed updates if it is specifically configured to do so a bad idea
        Firstly, good grief no, integrity checking and signing doesn't prove remote code isn't malicious.
        Secondly, again, RCE is not a good idea, it will eventually be involved in a data breach, even the android links you provided - which have nothing to do with systemd - have been involved malicious compromises of devices.

        e.g.
        https://www.securityweek.com/over-ai...ndroid-devices

        Comment


        • #44
          Originally posted by mSparks View Post

          Firstly, good grief no, integrity checking and signing doesn't prove remote code isn't malicious.
          Secondly, again, RCE is not a good idea, it will eventually be involved in a data breach, even the android links you provided - which have nothing to do with systemd - have been involved malicious compromises of devices.

          e.g.
          https://www.securityweek.com/over-ai...ndroid-devices
          systemd-sysupdate requires root user to configure it before it can be used.

          It is usually used in enterprise setting for updating their own cluster, so if you are just using systemd on your own computer, you should not be concerned.

          If somebody gained root access on your computer, it will be a far severe problem and they will be able to do manipulate your computer whatever they like, regardless or whether systemd-sysupdate present or not.

          Comment


          • #45
            Originally posted by mSparks View Post
            I never made any such argument.
            You certainly did. You explicitly claimed,

            "There is no "optional" half way measure"

            and

            "open init to a backdoor autoinstaller"

            Now you understand it is entirely optional and not part of init. Otherwise your earlier comment that you are going to stick with an unmaintained older version in order to avoid this optional feature makes even less sense.

            Originally posted by mSparks View Post

            Firstly, good grief no, integrity checking and signing doesn't prove remote code isn't malicious.
            You are missing the point completely. Integrity checking and signing shows that the chain of trust is from the same source as any other update. Then the responsibility of the security of the code is the responsibility of the source you accepted the public key from and not the tooling regardless of whether it is apt, dnf of sysupdate.

            Originally posted by mSparks View Post

            Secondly, again, RCE is not a good idea
            You are confused again. Without the ability to install arbitrary code, there is no RCE/ACE. You are misusing the term.

            Originally posted by mSparks View Post

            even the android links you provided - which have nothing to do with systemd - have been involved malicious compromises of devices.
            You didn't read the systemd docs on this topic yet clearly. The same underlying tech (verity) is used in both Android and systemd and none of the compromises have involved verity.

            Comment


            • #46
              Originally posted by RahulSundaram View Post

              You certainly did. You explicitly claimed,

              "There is no "optional" half way measure"

              and

              "open init to a backdoor autoinstaller"

              Now you understand it is entirely optional and not part of init.
              You can also choose not to install it at all.

              That doesnt change installing it and enabling it being a bad idea, does it? "no optional half way measure"
              Last edited by mSparks; 04 April 2022, 06:22 AM.

              Comment


              • #47
                Originally posted by mSparks View Post
                You can also choose not to install it at all.
                Wonderful. You have now learned that it is not part of init, certainly not a backdoor as you earlier said and simply not be installed instead of your original plan of sticking with an unmaintained older version merely to avoid an optional feature. Progress

                Originally posted by mSparks View Post

                That doesnt change installing it and enabling it being a bad idea, does it? "no optional half way measure"
                Except your original claim was "Either it discovers and installs remote code automatically - bypassing the normal update procedure or it doesn't.
                There is no "optional" half way measure
                ". You have now learned that it doesn't bypass anything, installs only integrity checked and signed updates from the same source as all the other updates and what is a bad idea is to misuse terms like RCE. You have now learned that without demonstrable ability to run arbitrary code, there is no RCE. You are welcome.

                Comment


                • #48
                  Originally posted by RahulSundaram View Post

                  Wonderful. You have now learned that it is not part of init, certainly not a backdoor as you earlier said and simply not be installed instead of your original plan of sticking with an unmaintained older version merely to avoid an optional feature. Progress



                  Except your original claim was "Either it discovers and installs remote code automatically - bypassing the normal update procedure or it doesn't.
                  There is no "optional" half way measure
                  ". You have now learned that it doesn't bypass anything, installs only integrity checked and signed updates from the same source as all the other updates and what is a bad idea is to misuse terms like RCE. You have now learned that without demonstrable ability to run arbitrary code, there is no RCE. You are welcome.

                  Yes
                  Wonderful, we agree that not upgrading to a version with it at all is the best way of avoiding it.

                  In fact, after reading the background I think Im gonna to switch to an install with no systemd at all.
                  Last edited by mSparks; 04 April 2022, 08:15 AM.

                  Comment


                  • #49
                    Originally posted by mSparks View Post

                    Wonderful, we agree that not upgrading to a version with it at all is the best way of avoiding it.
                    Nope. We explicitly don't agree on that. It makes zero sense to not upgrade because of optional features in any project. As long as you don't make technically inaccurate assertions, I don't care though.

                    Comment


                    • #50
                      Originally posted by RahulSundaram View Post

                      Nope. We explicitly don't agree on that. It makes zero sense to not upgrade because of optional features in any project. As long as you don't make technically inaccurate assertions, I don't care though.
                      It seems optional because its marked "experimental". Who knows where it goes when its no longer experimental.

                      luckily this is Linux, everything is optional. All we need to do is differentiate good ideas from bad ones.

                      autodiscover and install A/B is not a good idea, as made clear by several pages now where you failed to address that point once.

                      Comment

                      Working...
                      X