[–]▶ No.1004103>>1004174 >>1006193 >>1038512 [Watch Thread][Show All Posts]
UNPRIVILEGED USERS WITH UID > INT_MAX CAN SUCCESSFULLY EXECUTE ANY SYSTEMCTL COMMAND.
https://github.com/systemd/systemd/issues/11026
https://archive.is/73vP2
▶ No.1004107>>1004110
it juts passes a password
▶ No.1004110>>1004113 >>1004214 >>1006445 >>1018860
>>1004107
Pottering:
>it's the polkit service in the background that does the authentication. Not sure I grok what's going on, but this smells like a pokit service issue
Such a typical response.
▶ No.1004113>>1004118
>>1004110
WTF does polkit even do? It's just one of those pieces of shitware that I habitually uninstall.
▶ No.1004118>>1004127 >>1004145 >>1004239 >>1004291
>>1004113
It's to allow normal users to peform tasks that should normally require admin access.
http://smcv.pseudorandom.co.uk/2015/why_polkit/
Describes it well.
▶ No.1004127>>1006255
>>1004118
That's a good explanation, thanks.
I'm still not going to use it because I don't need such a thing, but at least I can understand why it exists.
▶ No.1004145>>1004301 >>1006255
>>1004118
>not just using doas
▶ No.1004174
>>1004103 (OP)
>UNPRIVILEGED USERS WITH UID > INT_MAX CAN SUCCESSFULLY EXECUTE ANY SYSTEMCTL COMMAND.
What is all this gibberish? Help me with my taskbar, it's disappeared. Obviously your fault since the last time I paid you to backup my video files.
▶ No.1004191>>1004206 >>1004213
It's not an exploit per say, but it definietly goes to show how bad code quality is.
▶ No.1004194>>1004199
>UID > INT_MAX
how does this ever happen
▶ No.1004199>>1005090
>>1004194
UID is a long, INT_MAX is an int.
▶ No.1004206>>1004273 >>1004322 >>1004356
>>1004191
Yep, and it's only going to get hugging worse.
▶ No.1004214
>>1004110
I know,the bug should be fixed in system even though the bug is completely different software.
▶ No.1004215>>1004216
It's a bug in policykit-1 and you need root privileges to create new users with custom UIDs anyway
▶ No.1004216
>>1004215
this, it's not really an exploit.
It's just a really retarded bug.
▶ No.1004227
>(((systemd)))
like poettering.
▶ No.1004235
>>1004213
>per se
who the heck is perse
▶ No.1004239>>1006255
>>1004118
Basically it's useless shit for "year of the Leenoox danktop" cunts who can't into sudo or just su to root or login as root on /dev/ttyX. Those subversive bastards can go get notabuggered into oblivion for all I care.
▶ No.1004243>>1004253 >>1004271 >>1004274 >>1004317 >>1004339 >>1005061 >>1008395
>ANOTHER SYSTEMD EXPLOIT
>UNPRIVILEGED USERS WITH UID > INT_MAX
More like another C integer overflow bug.
Why am I retraining myself in Ada? Because since 1979 I
have been trying to write reliable code in C. (Definition:
reliable code never gives wrong answers without an explicit
apology.) Trying and failing. I have been frustrated to
the screaming point by trying to write code that could
survive (some) run-time errors in other people's code linked
with it. I'd look wistfully at BSD's three-argument signal
handlers, which at least offered the possibility of provide
hardware specific recovery code in #ifdefs, but grit my
teeth and struggle on having to write code that would work
in System V as well.
There are times when I feel that clocks are running faster
but the calendar is running backwards. My first serious
programming was done in Burroughs B6700 Extended Algol. I
got used to the idea that if the hardware can't give you the
right answer, it complains, and your ON OVERFLOW statement
has a chance to do something else. That saved my bacon more
than once.
When I met C, it was obviously pathetic compared with the
_real_ languages I'd used, but heck, it ran on a 16-bit
machine, and it was better than 'as'. When the VAX came
out, I was very pleased: "the interrupt on integer overflow
bit is _just_ what I want". Then I was very disappointed:
"the wretched C system _has_ a signal for integer overflow
but makes sure it never happens even when it ought to".
It would be a good thing if hardware designers would
remember that the ANSI C standard provides _two_ forms of
"integer" arithmetic: 'unsigned' arithmetic which must wrap
around, and 'signed' arithmetic which MAY TRAP (or wrap, or
make demons fly out of your nose). "Portable C
programmers", know that they CANNOT rely on integer
arithmetic _not_ trapping, and they know (if they have done
their homework) that there are commercially significant
machines where C integer overflow _is_ trapped, so they
would rather the Alpha trapped so that they could use the
Alpha as a porting base.
Having said which: I will gladly put up with the Alpha
exception mechanism as long as
- there is a documented C-callable function which
controls the integer trapping state
- there is a documented C-callable function which
controls IEEE-ish floating-point traps
- there is a documented C-callable function which
includes a barrier (can I _rely_ on signal(SIGFPE, f)
including a barrier?)
▶ No.1004246>>1004295
ITT : post le poitering face
▶ No.1004253>>1004302 >>1004339
>>1004243
That long quote is against you, retard. C did nothing but try to consider all the possible hardware, including the retarded archs.
▶ No.1004271>>1004302 >>1004312 >>1004339
>>1004243
C is a powerful tool. Much like a mere peasant couldn't properly wield a zweihänder, only causing injury to himself. You need to have gains from the gym of software security and computer logic in order to wield C to horse-slicing epicness. With C YOU are the person penetrating into the backside of your computer, you need to assert dominance and have the proper skills to keep the slave in line or it might cause total financial ruin on you.
Pray to the apostles of electrical manipulation: Dennis, Ken and Brian.
▶ No.1004273
>>1004206
You spelled Brazzer wrong.
▶ No.1004274>>1004339
>>1004243
I support C. You hipsters can get hugged.
▶ No.1004291>>1006255
>>1004118
So create a semi-privileged group and give them permission to use sudo for that particular task.
▶ No.1004295
>>1004246
If Pottering released his own OS, I'd unironically use it over Linux.
>There is a bug, but it lies with the firmware
>Issue closed [willnotfix]
▶ No.1004298
>UID > INT_MAX CAN
How feasible is that? Is this the same bullshit about users that start/contain numbers and would never happen anyway?
▶ No.1004301>>1006330
>>1004145
I believe polkit(Policy Kit) is to configure what users can and can't do rather than passing a privilege escalation program such as sudo or doas in the shell.
Your comment only would have made sense had this been a discussion about sudo.
▶ No.1004302>>1004307 >>1004339 >>1005061 >>1006585 >>1014750 >>1015766
>>1004253
Even on non-retarded hardware that has trapping instructions or lets you set a trap on overflow bit, there is nothing you can do to recover from the error. Ada has to check for overflows and raise an exception no matter what the hardware does unless you suppress overflow checks. C did not consider most of the hardware Ada and other non-UNIX languages can run on at all. UNIX has even more hardware restrictions than C, which is why all these RISCs are just 64-bit clones of the PDP-11 with its flat address space.
>>1004271
>C is a powerful tool.
C weenies always call C powerful but all they mean is that C has pointer arithmetic. You can't write malloc or a GC in standard C. What you can do in standard C without undefined behavior is a lot more restricted and less useful than most languages.
>Much like a mere peasant couldn't properly wield a zweihänder, only causing injury to himself. You need to have gains from the gym of software security and computer logic in order to wield C to horse-slicing epicness.
Why do none of the Linux or systemd "programmers" have these "gains" or "horse-slicing epicness" or whatever you want to call it? They are the ones responsible for all these bugs and exploits, but that's not surprising since the C language itself is just as buggy and defective as C code.
https://en.wikipedia.org/wiki/C18_(C_standard_revision)
>C18 addressed defects in C11 without introducing new language features.[3]
>The STDC_VERSION macro is increased to the value 201710L.
The C standards committee made a language with so many "defects" that the only "new feature" in 7 years was a new version number. If it was any other language (even C++), this would be a joke and probably the end of the standards committee, but in the C community, the only thing surprising about taking 7 years just to fix bugs in the standard is that it didn't take longer.
>With C YOU are the person penetrating into the backside of your computer, you need to assert dominance
With C, 15,600 Linux weenies are "penetrating into the backside of your computer," not including EFI, X11, and all that other C bullshit. You have no control because C needs so much code to do anything. Your "Hello World" and "FizzBuzz" might seem "powerful" and "dominant" to you, but it's nothing compared to the more than 60 million lines of C and C++ code you need just to be able to post here. Lisp machines have created a better environment with much less code.
>and have the proper skills to keep the slave in line or it might cause total financial ruin on you.
Just like what happened to Lucent, SGI, and all these other UNIX companies, and all these C projects like Workplace OS and Copland.
>Pray to the apostles of electrical manipulation: Dennis, Ken and Brian.
I have a lot of respect for "apostles of electrical manipulation" who created computer systems and subsystems. These AT&T employees were just shitty "programmers" who were not smart enough to do system calls properly or make a compiler that could check array bounds or integer overflows, and then blamed the hardware for their own inabilities. Much like outsourced Pajeet code, "their" pile of shit was only used to save money on licensing fees and to avoid hiring real programmers, and most of it had to be replaced and was written by other people anyway.
Subject: Mixed Up Mail
I cannot think of a comment to add that could possibly
top what follows.
I can. Isn't it typical that unix weenies would blame
hardware for this problem? Can you imagine a hardware fault
that would explain this snafu? Not a chance. This is the
Great Satan Sendmail feeding its dark energy on the mail
files of innocents.
▶ No.1004307>>1004310 >>1004339
>>1004302
shoo shoo
sudo apt-get remove rust* libstd-rust* cargo*
sudo apt-get remove snapd* libsnapd*
▶ No.1004310>>1004339
>>1004307
you're a retard and devalue any thread you post in. I'd rather have you banned than the LARPer you're responding to.
▶ No.1004312
>>1004271
Kernighan has done nothing of note except awk, and to act as a UNIX talking head. Stop idolising C. It's good but it's not this magic wondertool that only works in the hands of mega-geniuses; you're simply consistently writing trivial programs
▶ No.1004317
▶ No.1004322
>>1004206
Ha! A cathedral and bazaar reference.
▶ No.1004339
▶ No.1004356>>1004358 >>1004359
>>1004206
What are those pictures of?
▶ No.1004358
>>1004356
The first is a cathedral, the second is a bazaar.
▶ No.1004359
>>1004356
Lurk 2 years before posting.
▶ No.1004371>>1004406
Bump, how will Lennart ever recover? It's pretty clear that System D is full of these exploits and it's likely three are committed to the codebase for every one squashed.
▶ No.1004378>>1004449
▶ No.1004406>>1004816
>>1004371
No it's not clear. If you have a report detailing your numbers, then that will clear it up.
▶ No.1004449>>1004665
>>1004378
Enjoy while it lasts. Look at what people are OBSD and look at their twatters. You know, Theo can get fucked like Linus easily. Especially now when many refugess must have spread the word.
▶ No.1004665>>1004816 >>1005092 >>1005128
>>1004449
OpenBSD isn't owned by commercial interests, so it's not vulnerable to the same shenanigans. They would have better luck to pwn NetBSD but even there they have enough redpilled people who resist.
Then there's the fact that it would largely be a wasted effort. Not enough people run those OS for it to matter. They don't try to provide an alternative to Windows with the "year of the Leenoox danktop" shit, where everything has to be something idiot can click on, instead of reading man page and understanding how the OS works fundamentally.
▶ No.1004816
>>1004406
>I need a "report detailing my numbers" to know what's plainly evident
>>1004665
The biggest NetBSD installation is the non-profit sdf.org and developers of the OS are involved with that organization. It's typically running any upgrade long before the official release. They will take good care of it. SDF might be the last wild west multi-user Unix system community.
▶ No.1005061>>1005063 >>1006646
>>1004243
>>1004302
What would you rather be the industry standard or the language good programmers coded in, oh great mail list wizard? Lisp, Ada and Rust are not legitimate answers for the reasons listed below.
>No commercially viable product has been written or stayed in Lisp, Emacs uses it's own version and is an environment unto its own, the Yahoo Store and Reddit were rewritten in other languages and NASA has replaced most of its Lisp codebase too; If it is a great language why is everyone replacing their Lisp code with something else?
>Ada is good but highly specialized, only certified DoD niggers need apply
>Rust started as a superset of C/C++ then refined to the demands of the devs so recommending it as a C hater would contradictory; It's also a corporate push by Mozilla and as such developed towards corporate goals, not those of programmers aligned with the devs
▶ No.1005063>>1005094
>>1005061
Autocad
Crash Bandicoot
▶ No.1005089
Days without any new Intel, Windows 10 or systemd botnet/bug/bullshit discovered should be marked red in the calendar by now.
▶ No.1005090>>1005091
>>1004199
What currently used systems have an int that's not at least as long as a long?
▶ No.1005091
>>1005090
>currently used
Hmmm nice lawyer speak Lennart...
▶ No.1005092>>1006553 >>1015767
>>1004665
>they have enough redpilled people who resist
The same was assumed of Linux, or earlier of FreeBSD. When push came to shove though hardly anyone stood firmly against the sjw assault and eventual usual hostile takeover.
▶ No.1005094
>>1005063
AutoCAD publicly stated they were scrapping some of their Lisp functions. I'm not gonna go through their entire git to check how much is left, I know they still use some Lisp functions and likely will to the end of the program's production cycle.
Jak and Daxter (great series before the reboot) also used Lisp. Crash Bandicoot too like you mentioned. I'm glad there are people on /tech/ who aren't complete LARPers.
▶ No.1005128>>1005147 >>1005421
>>1004665
>OpenBSD isn't owned by commercial interests, so it's not vulnerable to the same shenanigans.
Nor was Linux or GNU. But now they are.
Theo may be based, but what gives him an immunity Linus didn't have?
▶ No.1005147>>1006587
>>1005128
Theo is free of the danger known as a (((feminist daughter))).
▶ No.1005421
>>1005128
Theo is the dictator for life and doesn't answer to anyone. He also doesn't want his OS to become popular, and considers it a research OS project. He's sharp enough to realize that's what it takes to stay in control of it.
▶ No.1005862>>1005931 >>1006107 >>1006142
Fuck LeFart Poottering and SystemDicks
You guys should've paid attention to the heavy shilling and unquestioned adoption of systemd, it is a cancer in the GNU/Linux environment and ought to be removed before it's too late it's too late
▶ No.1005871
How do you obtain an account with a custom UID?
▶ No.1005931>>1006011
>>1005862
I paid attention and it's not too late, for now Linux works without system d but you're right, shit's niggered up good now.
▶ No.1006011>>1006216
>>1005931
I've been running Devuan for over a year and it's been okay (I kind of fucked up by upgrading to the testing distribution from stable.)
▶ No.1006107
>>1005862
okay this is epic
▶ No.1006142>>1006143 >>1006188
>>1005862
What's a good sysd free distro to migrate to?
▶ No.1006143>>1006188
>>1006142
Gentoo. Seriously.
▶ No.1006193
>>1004103 (OP)
The joy of open source; free to see and poke holes on the faggot who can't code for shit.
▶ No.1006216>>1015768
>>1006011
I'm also on Devuan but I have this sneaking suspicion that the kernel itself is fully niggered up and it will just become more obvious over time. I'm making the move to OpenBSD as much as possible but I need Mathematica for work.
▶ No.1006255>>1006261 >>1006323
>>1004127
>>1004145
>>1004239
>>1004291
>In environments that use a MAC framework like AppArmor, actions that would normally be allowed can become privileged: for instance, in a framework for sandboxed applications, most apps shouldn't be allowed to record audio. This prevents carrying out these actions directly, again resulting in the only way to achieve them being to ask a service to carry out the action.
<inb4 "le apparmor le bad le bloat le botnet"
▶ No.1006261
>>1006255
It's just one more thing subsumed into a system which will never be feature frozen, checkpointed, audited, and fixed. Fuck that shit in the goat ass.
▶ No.1006323>>1006955
>>1006255
WTF. that's fucking braindead and defeats the purpose of using MAC in the first place. If your app can't access audio, then it's like that for a fucking reason. It shouldn't be able to access a (((service))) that provides audio, and thus get around the MAC rules. If the app in question really needs audio, then the admin or package maintainer or whoever the fuck is responsible for locking shit down must add the proper MAC rules for that app. Period. End of fuckign story. These fucking services are nothing but cianigger side channels with lots of extra bloats and room for bugs and exploitation. All fucking desktop Leenoox is this way. It's a fucking disgrace, and you're a failure for advocating it.
▶ No.1006330
>>1004301
You can do that with doas.
▶ No.1006445>>1006495 >>1006818
>>1004110
Do people here actually dislike Poettering?
▶ No.1006449
>>1006188
if he gets enough thumbs down maybe he will fuck off
▶ No.1006495>>1009231 >>1009252
>>1006445
Nobody likes him, he's insufferable, writes shitty bloated code full of holes to make it easier for the glowniggers to spy on us all, and is actually of communist East German heritage.
▶ No.1006553>>1006629 >>1006849 >>1007049 >>1007991
>>1005092
what if when the kernel turns to shit, we get together and start releasing modified kernels after each release, there's probably enough NEETs on here with the time to do it who would benefit from putting it on a resume or just the street cred.
▶ No.1006585
>>1004302
>Why do none of the Linux or systemd "programmers" have these "gains" or "horse-slicing epicness" or whatever
It's truly a mistery, sir.
▶ No.1006587>>1006650 >>1006850 >>1007050 >>1007991 >>1015770
>>1005147
How does (((anyone))) end up with a (((feminist daughter)))?
▶ No.1006629
>>1006553
I always recommend forking. It's just people don't care to invest themselves into it and bitch when other people don't do it.
▶ No.1006646
>>1005061
Just because there's no alternative doesn't mean that something isn't shit.
▶ No.1006818>>1027897
>>1006445
I just figured it out. He's the Macron of Linux.
▶ No.1006849>>1015771
>>1006553
It is a waste to do that. You cannot save anything from the literal pile of excrement that the linux kernel post code of conduct becomes. Zero redeeming features: all of its code is touched by the code of conduct cancer. Your modifications would have to be just staying at a pre code of conduct version.
It's much, much better to fork. You could even fork at ~2.6.36, the time when many generic drivers became available.
▶ No.1006850
>>1006587
by raising her in (((certain places))) and putting her on (((brainwashing centers))).
▶ No.1006955>>1007012
>>1006323
Do you even understand what "sandboxed" means?
▶ No.1007012>>1008022
>>1006955
It means illusion of security, the security theatre that all these idiots keep making by adding more code and extra layers that doesn't actually fix the root causes but only addresses symptoms. And it's the same with "mitigations". Even OpenBSD is all crazy about mitigations. They're going full hog on 64-bit ARM (which all do speculative execution) and basically treating the Cortex-A7 as third-class citizen, even though it's one of the few ARM processors that actually lives up to the so-called standards they have WRT security. THERE IS NOT ONE SINGLE MAJOR OS PROJECT IN EXISTENCE TODAY THAT'S ACTUALLY SERIOUS ABOUT SECURITY. And you bought into the fucking kool-aid, you retard.
▶ No.1007049
>>1006553
It's too big and bloated. Just easier to switch to OpenBSD now and devote effort to improving it by submitting patches for stuff you like to do.
▶ No.1007050>>1008021
>>1006587
She literally hung out with the crust punks in Pioneer Square begging for coins.
▶ No.1007991>>1028244
>>1006553
easier to write a redesigned kernel purpose-built for the current era.
>>1006587
by having a feminist wife :)
▶ No.1008015>>1008148
>THERE IS NOT ONE SINGLE MAJOR OS PROJECT IN EXISTENCE TODAY THAT'S ACTUALLY SERIOUS ABOUT SECURITY
What did you mean by this?
▶ No.1008021
>>1007050
> father makes millions in biz
> grow up in *actual* priviledged life, where money is never an issue
> get heavy dose of leftist indoctrination
This is how politicians are born.
▶ No.1008022>>1008451
>>1007012
Not all 64 bit ARM machines do speculative execution. The Pi doesn’t.
▶ No.1008148
>>1008015
he's correct you dick fuck
▶ No.1008395
>>1004243
>SJW pushing Rust finds an opportunity by blaming SJWd on C
▶ No.1008451
>>1008022
dat Cortex-A53 branch predictor tho
▶ No.1009231
>>1006495
>East German heritage
based
▶ No.1009252
>>1006495
>East German heritage
wtf i love poettering now
▶ No.1012487>>1014704
This is the absolute state of GNU/Linux. Systemd is so bloated and retarded... Ok. It boots some seconds faster in some machines, but are a couple seconds worth all the trouble it comes with?
▶ No.1013421
Pottering is a fucking cunt.
Kill him while you can... Bunch of WinLosers.
▶ No.1014704>>1014705 >>1014812
>>1012487
Why can't we just use OpenRC or some shit for enterprise? Hell tons of servers still using upstart.
▶ No.1014705
>>1014704
People don't care to invest that time. They'd prefer for other people to do the work. The tools are already there, you will have to take the time to learn how to use them and then more time to use them.
▶ No.1014750
>>1004302 (oof)
glibc/malloc/malloc.c
▶ No.1014802
▶ No.1014812
>>1014704
amazon uses sysvinit on workstations in their fulfillment centers and some meme window manager, all that just to run some javascript webapp in firefox that's tui (not even in unicode so some characters apper you know like what) over telnet. It doesn't even use ncurses so that it feels more monolithic and has more usabilty for the workers.
▶ No.1015766
>>1004302
The only good C is QuakeC
▶ No.1015767>>1018830
>>1005092
A license without an attached interest is revocable by the owner of the property.
The FSF require contributors to their projects to assign ownership of the works to them: For the FSF the license is not enough.
Put two and two together.
The BSD programmers and the Linux-Kernel programmers could revoke, since they didn't sign over title to their code.
That is how you fight back.
▶ No.1015768
>>1006216
The grsecurity "community" fork kernel is ok.
It's stuck at 4.blablabla forever. Just as it should be.
▶ No.1015770
>>1006587
By being a white man.
White men are cucks. Their wives envelope Black cocks.
▶ No.1015771
>>1006849
This is the kernel you want:
https://github.com/minipli/linux-unofficial_grsec/wiki
It is the last, only, good linux kernel left.
▶ No.1018757
Yet another systemDick exploit:
SYSTEMD-JOURNALD IS VULNERABLE TO TWO MEMORY CORRUPTIONS AND ONE INFORMATION LEAK
>>1018045
▶ No.1018830
>>1015767
>The FSF require contributors to their projects to assign ownership of the works to them: For the FSF the license is not enough.
False and false.
▶ No.1018860
>>1004110
And it smells to me like SystemD is a piece of shit.
▶ No.1018955
It's my hope that, just like the situation with OpenSSL, this will put a smaller project into the public eye
▶ No.1027870
▶ No.1027897
>>1006818
>He's the Macron of Linux.
I don't appreciate the way that systemd got pushed but I don't want him to be guillotined.
▶ No.1028244
>>1007991
>by having a feminist wife :)
but does he have such?
▶ No.1028247
▶ No.1038512
>>1004103 (OP)
long live init