Inferencium/website
1
0
Fork 0
Code Issues Activity

Update webpage "Blog - #1" from version "5.1.0" to "6.0.0"

Browse Source
This commit is contained in:
inference 2024-01-15 04:21:51 +00:00
parent 5357bf36b3
commit 7599cf20d1
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
1 changed files with 19 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
blog/systemd_insecurity.html → blog/systemd_insecurity.xhtml
View File

@ -1,13 +1,13 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - Blog - #1 --> <!-- Inferencium - Website - Blog - #1 -->
<!-- Version: 5.1.0 --> <!-- Version: 6.0.0 -->
<!-- Copyright 2022 Jake Winters --> <!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
<html lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head> <head>
<meta charset="utf-8"/> <meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/> <meta name="viewport" content="width=device-width, initial-scale=1"/>
@ -16,23 +16,23 @@
</head> </head>
<body> <body>
<nav class="navbar"> <nav class="navbar">
<div><a href="../index.html"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"/></a></div> <div><a href="../index.xhtml"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"/></a></div>
<div><a href="../index.html" class="title">Inferencium</a></div> <div><a href="../index.xhtml" class="title">Inferencium</a></div>
<div><a href="../about.html">About</a></div> <div><a href="../about.xhtml">About</a></div>
<div><a href="../contact.html">Contact</a></div> <div><a href="../contact.xhtml">Contact</a></div>
<div><a href="../blog.html">Blog</a></div> <div><a href="../blog.xhtml">Blog</a></div>
<div><a href="../documentation.html">Documentation</a></div> <div><a href="../documentation.xhtml">Documentation</a></div>
<div><a href="../source.html">Source</a></div> <div><a href="../source.xhtml">Source</a></div>
<div><a href="../key.html">Key</a></div> <div><a href="../key.xhtml">Key</a></div>
<div><a href="../changelog.html">Changelog</a></div> <div><a href="../changelog.xhtml">Changelog</a></div>
<div><a href="../directory.html">Directory</a></div> <div><a href="../directory.xhtml">Directory</a></div>
</nav> </nav>
<h1>Blog - #1</h1> <h1>Blog - #1</h1>
<h2>systemd Insecurity</h2> <h2>systemd Insecurity</h2>
<p class="update_date">Posted: 2022-01-29 (UTC+00:00)</p> <p class="update_date">Posted: 2022-01-29 (UTC+00:00)</p>
<p class="update_date">Updated: 2023-10-31 (UTC+00:00)</p> <p class="update_date">Updated: 2023-10-31 (UTC+00:00)</p>
<nav id="toc"> <nav id="toc">
<h2 id="toc"><a href="#toc">Table of Contents<a/></h2> <h2 id="toc"><a href="#toc">Table of Contents</a></h2>
<ul> <ul>
<li><a href="#issue-0">Issue #0 - Against CVE Assignment</a></li> <li><a href="#issue-0">Issue #0 - Against CVE Assignment</a></li>
<li><a href="#issue-1">Issue #1 - CVEs Are Not Useful</a></li> <li><a href="#issue-1">Issue #1 - CVEs Are Not Useful</a></li>
@ -75,18 +75,16 @@
</section> </section>
<section id="issue-3"> <section id="issue-3">
<h2 id="issue-3"><a href="#issue-3">Issue #3 - Blaming the User</a></h2> <h2 id="issue-3"><a href="#issue-3">Issue #3 - Blaming the User</a></h2>
<blockquote>"Yes, as you found out "0day" is not a valid username. I wonder <blockquote><p>"Yes, as you found out "0day" is not a valid username. I wonder
which tool permitted you to create it in the first place. Note that not which tool permitted you to create it in the first place. Note that not
permitting numeric first characters is done on purpose: to avoid ambiguities permitting numeric first characters is done on purpose: to avoid ambiguities
between numeric UID and textual user names.<br> between numeric UID and textual user names.</p>
<br> <p>systemd will validate all configuration data you drop at it, making it hard to
systemd will validate all configuration data you drop at it, making it hard to
generate invalid configuration. Hence, yes, it's a feature that we don't permit generate invalid configuration. Hence, yes, it's a feature that we don't permit
invalid user names, and I'd consider it a limitation of xinetd that it doesn't invalid user names, and I'd consider it a limitation of xinetd that it doesn't
refuse an invalid username.<br> refuse an invalid username.</p>
<br> <p>So, yeah, I don't think there's anything to fix in systemd here. I understand
So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but still: the username is clearly not valid."</p></blockquote>
this is annoying, but still: the username is clearly not valid."</blockquote>
<p>- Lennart Poettering, systemd lead developer</p> <p>- Lennart Poettering, systemd lead developer</p>
<p><b>My thoughts:</b> systemd was the thing that allowed root access just because a <p><b>My thoughts:</b> systemd was the thing that allowed root access just because a
username started with a number, then Poettering blamed the user.</p> username started with a number, then Poettering blamed the user.</p>