Inferencium/website
1
0
Fork 0
Code Issues Activity

Update Blog #1 from version 4.0.1.15 to 4.0.2.16.

Browse Source
This commit is contained in:
inference 2023-06-05 00:18:33 +01:00
parent 9c5d6688b1
commit 98931a502d
Signed by: inference
SSH Key Fingerprint: SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
blog/systemd_insecurity.html
View File

@ -5,7 +5,7 @@
<!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause -->
<!-- Version: 4.0.1.15 -->
<!-- Version: 4.0.2.16 -->
<html>
@ -69,7 +69,7 @@
<h2 id="issue0"><a href="#issue0" class="h2"
>Issue #0 - Against CVE Assignment</a></h2>
<br>
<blockquote>You don't assign CVEs to every single random bugfix we do, do you?</blockquote>
<blockquote>"You don't assign CVEs to every single random bugfix we do, do you?"</blockquote>
<p>- Lennart Poettering, systemd lead developer</p>
<br>
<p>My thoughts:<br>
@ -85,10 +85,10 @@
<h2 id="issue1"><a href="#issue1" class="h2"
>Issue #1 - CVEs Are Not Useful</a></h2>
<br>
<blockquote>Humpf, I am not convinced this is the right way to announce this. We never did that, and half the
<blockquote>"Humpf, I am not convinced this is the right way to announce this. We never did that, and half the
CVEs aren't useful anyway, hence I am not sure we should start with that now, because it is either
inherently incomplete or blesses the nonsensical part of the CVE circus which we really shouldn't
bless...</blockquote>
bless..."</blockquote>
<p>- Lennart Poettering, systemd lead developer</p>
<br>
<p>My thoughts:<br>
@ -106,8 +106,8 @@
<h2 id="issue2"><a href="#issue2" class="h2">
Issue #2 - Security is a Circus</a></h2>
<br>
<blockquote>I am not sure I buy enough into the security circus to do that though for any minor
issue...</blockquote>
<blockquote>"I am not sure I buy enough into the security circus to do that though for any minor
issue..."</blockquote>
<p>- Lennart Poettering, systemd lead developer</p>
<br>
<p>Source:<br>
@ -120,7 +120,7 @@
<h2 id="issue3"><a href="#issue3" class="h2"
>Issue #3 - Blaming the User</a></h2>
<br>
<blockquote>Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create
<blockquote>"Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create
it in the first place. Note that not permitting numeric first characters is done on purpose: to
avoid ambiguities between numeric UID and textual user names.
<br>
@ -129,7 +129,7 @@
it a limitation of xinetd that it doesn't refuse an invalid username.<br>
<br>
So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but
still: the username is clearly not valid.</blockquote>
still: the username is clearly not valid."</blockquote>
<p>- Lennart Poettering, systemd lead developer</p>
<br>
<p>My thoughts:<br>