Fix code to conform to code style
This commit is contained in:
parent
2b1a6a7193
commit
c3f8f978a2
SSH Key Fingerprint:
SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
@ -5,7 +5,7 @@
|
||||
<!-- Copyright 2022 Jake Winters -->
|
||||
<!-- SPDX-License-Identifier: BSD-3-Clause -->
|
||||
|
||||
<!-- Version: 5.0.1-alpha.4 -->
|
||||
<!-- Version: 5.0.1-alpha.5 -->
|
||||
|
||||
|
||||
<html>
|
||||
@ -41,56 +41,57 @@
|
||||
<li><a href="#issue-3">Issue #3 - Blaming the User</a></li>
|
||||
</ul>
|
||||
</section>
|
||||
<p>Anyone who cares about security may want to switch from systemd as soon as possible; its lead
|
||||
developer doesn't care about your security at all.</p>
|
||||
<p>Anyone who cares about security may want to switch from systemd as soon as possible;
|
||||
its lead developer doesn't care about your security at all.</p>
|
||||
<section id="issue-0">
|
||||
<h2 id="issue-0"><a href="#issue-0">Issue #0 - Against CVE Assignment</a></h2>
|
||||
<blockquote>"You don't assign CVEs to every single random bugfix we do, do you?"</blockquote>
|
||||
<blockquote>"You don't assign CVEs to every single random bugfix we do, do
|
||||
you?"</blockquote>
|
||||
<p>- Lennart Poettering, systemd lead developer</p>
|
||||
<p>My thoughts:<br>
|
||||
Yes, if they're security-related.</p>
|
||||
<p>Source:<br>
|
||||
<p>My thoughts: Yes, if they're security-related.</p>
|
||||
<p>Source:
|
||||
<a href="https://github.com/systemd/systemd/pull/5998#issuecomment-303782334">systemd GitHub Issue 5998</a></p>
|
||||
</section>
|
||||
<section id="issue-1">
|
||||
<h2 id="issue-1"><a href="#issue-1">Issue #1 - CVEs Are Not Useful</a></h2>
|
||||
<blockquote>"Humpf, I am not convinced this is the right way to announce this. We never did that, and half the
|
||||
CVEs aren't useful anyway, hence I am not sure we should start with that now, because it is either
|
||||
inherently incomplete or blesses the nonsensical part of the CVE circus which we really shouldn't
|
||||
<blockquote>"Humpf, I am not convinced this is the right way to announce this.
|
||||
We never did that, and half the CVEs aren't useful anyway, hence I am not sure
|
||||
we should start with that now, because it is either inherently incomplete or
|
||||
blesses the nonsensical part of the CVE circus which we really shouldn't
|
||||
bless..."</blockquote>
|
||||
<p>- Lennart Poettering, systemd lead developer</p>
|
||||
<p>My thoughts:<br>
|
||||
CVEs are supposed to be for security, and a log of when they were found and their severity, so yes,
|
||||
it *is* the correct way to announce it. It seems as if over 95 security-concious people think the
|
||||
same.</p>
|
||||
<p>Source:<br>
|
||||
<p>My thoughts: CVEs are supposed to be for security, and a log of when they
|
||||
were found and their severity, so yes, it *is* the correct way to announce it.
|
||||
It seems as if over 95 security-concious people think the same.</p>
|
||||
<p>Source:
|
||||
<a href="https://github.com/systemd/systemd/pull/6225#issuecomment-311739869">systemd GitHub Issue 6225</a></p>
|
||||
</section>
|
||||
<section id="issue-2">
|
||||
<h2 id="issue-2"><a href="#issue-2">Issue #2 - Security is a Circus</a></h2>
|
||||
<blockquote>"I am not sure I buy enough into the security circus to do that though for any minor
|
||||
issue..."</blockquote>
|
||||
<blockquote>"I am not sure I buy enough into the security circus to do that
|
||||
though for any minor issue..."</blockquote>
|
||||
<p>- Lennart Poettering, systemd lead developer</p>
|
||||
<p>Source:<br>
|
||||
<p>Source:
|
||||
<a href="https://github.com/systemd/systemd/issues/5144#issuecomment-276740654">systemd GitHub Issue 5144</a></p>
|
||||
</section>
|
||||
<section id="issue-3">
|
||||
<h2 id="issue-3"><a href="#issue-3">Issue #3 - Blaming the User</a></h2>
|
||||
<blockquote>"Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create
|
||||
it in the first place. Note that not permitting numeric first characters is done on purpose: to
|
||||
avoid ambiguities between numeric UID and textual user names.
|
||||
<blockquote>"Yes, as you found out "0day" is not a valid username. I wonder
|
||||
which tool permitted you to create it in the first place. Note that not
|
||||
permitting numeric first characters is done on purpose: to avoid ambiguities
|
||||
between numeric UID and textual user names.<br>
|
||||
<br>
|
||||
systemd will validate all configuration data you drop at it, making it hard to generate invalid
|
||||
configuration. Hence, yes, it's a feature that we don't permit invalid user names, and I'd consider
|
||||
it a limitation of xinetd that it doesn't refuse an invalid username.<br>
|
||||
systemd will validate all configuration data you drop at it, making it hard to
|
||||
generate invalid configuration. Hence, yes, it's a feature that we don't permit
|
||||
invalid user names, and I'd consider it a limitation of xinetd that it doesn't
|
||||
refuse an invalid username.<br>
|
||||
<br>
|
||||
So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but
|
||||
still: the username is clearly not valid."</blockquote>
|
||||
So, yeah, I don't think there's anything to fix in systemd here. I understand
|
||||
this is annoying, but still: the username is clearly not valid."</blockquote>
|
||||
<p>- Lennart Poettering, systemd lead developer</p>
|
||||
<p>My thoughts:<br>
|
||||
systemd was the thing that allowed root access just because a username started with a number, then
|
||||
Poettering blamed the user.</p>
|
||||
<p>Source:<br>
|
||||
<p>My thoughts: systemd was the thing that allowed root access just because a
|
||||
username started with a number, then Poettering blamed the user.</p>
|
||||
<p>Source:
|
||||
<a href="https://github.com/systemd/systemd/issues/6237#issuecomment-311900864">systemd GitHub Issue 6237</a></p>
|
||||
</section>
|
||||
</body>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user