diff --git a/blog/systemd_insecurity.html b/blog/systemd_insecurity.html index fd21477..59b4f8e 100644 --- a/blog/systemd_insecurity.html +++ b/blog/systemd_insecurity.html @@ -5,7 +5,7 @@ - + @@ -69,7 +69,7 @@
You don't assign CVEs to every single random bugfix we do, do you?+
"You don't assign CVEs to every single random bugfix we do, do you?"
- Lennart Poettering, systemd lead developer
My thoughts:
@@ -85,10 +85,10 @@
Humpf, I am not convinced this is the right way to announce this. We never did that, and half the +"Humpf, I am not convinced this is the right way to announce this. We never did that, and half the CVEs aren't useful anyway, hence I am not sure we should start with that now, because it is either inherently incomplete or blesses the nonsensical part of the CVE circus which we really shouldn't - bless...+ bless..."
- Lennart Poettering, systemd lead developer
My thoughts:
@@ -106,8 +106,8 @@
I am not sure I buy enough into the security circus to do that though for any minor - issue...+
"I am not sure I buy enough into the security circus to do that though for any minor + issue..."
- Lennart Poettering, systemd lead developer
Source:
@@ -120,7 +120,7 @@
Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create +"Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.+ still: the username is clearly not valid."
@@ -129,7 +129,7 @@ it a limitation of xinetd that it doesn't refuse an invalid username.
So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but - still: the username is clearly not valid.
- Lennart Poettering, systemd lead developer
My thoughts: