Inferencium/website
1
0
Fork 0
Code Issues Activity

Update webpage "Blog - #1" from version "5.1.0-beta.1" to "6.0.0-beta.1"

Browse Source
This commit is contained in:
inference 2024-01-13 08:41:01 +00:00
parent 1bc9a3d1c0
commit 20efa9f811
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
1 changed files with 19 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
blog/systemd_insecurity.html → blog/systemd_insecurity.xhtml
View File

@ -1,13 +1,13 @@
<!DOCTYPE html>
<!-- Inferencium - Website - Blog - #1 -->
<!-- Version: 5.1.0-beta.1 -->
<!-- Version: 6.0.0-beta.1 -->
<!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause -->
<html lang="en">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
@ -16,23 +16,23 @@
</head>
<body>
<nav class="navbar">
<div><a href="../index.html"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"/></a></div>
<div><a href="../index.html" class="title">Inferencium</a></div>
<div><a href="../about.html">About</a></div>
<div><a href="../contact.html">Contact</a></div>
<div><a href="../blog.html">Blog</a></div>
<div><a href="../documentation.html">Documentation</a></div>
<div><a href="../source.html">Source</a></div>
<div><a href="../key.html">Key</a></div>
<div><a href="../changelog.html">Changelog</a></div>
<div><a href="../directory.html">Directory</a></div>
<div><a href="../index.xhtml"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"/></a></div>
<div><a href="../index.xhtml" class="title">Inferencium</a></div>
<div><a href="../about.xhtml">About</a></div>
<div><a href="../contact.xhtml">Contact</a></div>
<div><a href="../blog.xhtml">Blog</a></div>
<div><a href="../documentation.xhtml">Documentation</a></div>
<div><a href="../source.xhtml">Source</a></div>
<div><a href="../key.xhtml">Key</a></div>
<div><a href="../changelog.xhtml">Changelog</a></div>
<div><a href="../directory.xhtml">Directory</a></div>
</nav>
<h1>Blog - #1</h1>
<h2>systemd Insecurity</h2>
<p class="update_date">Posted: 2022-01-29 (UTC+00:00)</p>
<p class="update_date">Updated: 2023-10-31 (UTC+00:00)</p>
<nav id="toc">
<h2 id="toc"><a href="#toc">Table of Contents<a/></h2>
<h2 id="toc"><a href="#toc">Table of Contents</a></h2>
<ul>
<li><a href="#issue-0">Issue #0 - Against CVE Assignment</a></li>
<li><a href="#issue-1">Issue #1 - CVEs Are Not Useful</a></li>
@ -75,18 +75,16 @@
</section>
<section id="issue-3">
<h2 id="issue-3"><a href="#issue-3">Issue #3 - Blaming the User</a></h2>
<blockquote>"Yes, as you found out "0day" is not a valid username. I wonder
<blockquote><p>"Yes, as you found out "0day" is not a valid username. I wonder
which tool permitted you to create it in the first place. Note that not
permitting numeric first characters is done on purpose: to avoid ambiguities
between numeric UID and textual user names.<br>
<br>
systemd will validate all configuration data you drop at it, making it hard to
between numeric UID and textual user names.</p>
<p>systemd will validate all configuration data you drop at it, making it hard to
generate invalid configuration. Hence, yes, it's a feature that we don't permit
invalid user names, and I'd consider it a limitation of xinetd that it doesn't
refuse an invalid username.<br>
<br>
So, yeah, I don't think there's anything to fix in systemd here. I understand
this is annoying, but still: the username is clearly not valid."</blockquote>
refuse an invalid username.</p>
<p>So, yeah, I don't think there's anything to fix in systemd here. I understand
this is annoying, but still: the username is clearly not valid."</p></blockquote>
<p>- Lennart Poettering, systemd lead developer</p>
<p><b>My thoughts:</b> systemd was the thing that allowed root access just because a
username started with a number, then Poettering blamed the user.</p>