New remote code execution flaw in systemd: CVE-2018-15688

>Reminder that this thing runs as PID 1.
Systemd is bad enough, you don't need to make up lies to make it look bad.

Fixed in systemd master: github.com/systemd/systemd/pull/10517

Update your boxes

Yet another reason to avoid this garbage.
Funny how they initially boasted about "muh boot times", yet Gentoo with OpenRC boots faster than any systemd distro I've used. Yes, on the same hardware.

It's true though.

By "this garbage" you mean C, right?

No, but C is indeed garbage as well.

Poor craftsmen blame their tools.

Good craftsmen don't use shitty tools.

But it isn't. The bug is in systemd-networkd, which is both optional and a daemon.

>damage control
Good programmers don't need rust, js, c# or any modern garbage to hold their hands, they can work well with C or even with fucking assembly.

oh look, it's literally nothing

> But, you say, the network byte-order is big-endian, while today's Intel and ARM processors are little-endian. So you have to swap bytes, don't you?
>No. As proof of the matter I point to every other language other than C/C++. They don't don't swap bytes. Their internal integer format is undefined. Indeed, something like JavaScript may be storing numbers as a floating points. You can't muck around with the internal format of their integers even if you wanted to.

Attached: 27f.png (1000x677, 138K)

Perfect programmers don't exist, everyone has off days. Even the best cmen also can't build everything solo.

>in C and it has buffer overflows
C was a mistake

>"There is really no excuse for code that is of this low quality.

This code has no redeeming features. It must be thrown away and rewritten yet again. This time by an experienced programmer who know what error codes mean, how to use asserts properly, and most of all, who has experience at network programming."

I ejaculated reading this. No joke.

Attached: KayAndLennart.jpg (900x372, 63K)

theres comfy, and theres Devuan Comfy

Attached: 1536766374112.jpg (225x225, 10K)

sexy beast

Attached: pottering.jpg (640x640, 241K)

never too late.
without-systemd.org/wiki/index.php/Alternatives_to_systemd

Sure thing buddy, and at the next Linux vuln, we switch to BSD.

Attached: 1539741951864.jpg (400x400, 13K)

Should have used Rust.

/Thread

Yea

Die you fucking Barneyfag

Attached: Bronies, this is your mindset.png (307x157, 28K)

Do they still air Franklin or is this an old screencap?

don't mind me im just putting this exploit in here

Attached: pottering.jpg (540x354, 39K)

>ipv6
Lol I ain't ever going to touch that shit, long live good ol' ipv4

>systemd
just rewrite it in retro BASIC
65536 bytes is enough for evereone

Attached: CPM_CLUB13.png (986x849, 55K)

Macro for future reference.

Attached: stddhcp.jpg (3456x2304, 2.51M)

also posting previous ones.

Attached: Lennart_professionalism.jpg (646x164, 23K)

Attached: Linusrektsystemd.jpg (553x334, 168K)

>C was a mistake
was not, but now, with modern optimising compilers, "C" perform same like PASCAL or FORTRAN

>PASCAL or FORTRAN
BUT THEY DONT HAVE "UNION"

How can someone be smart enough to work on systems and OS development but dumb enough to continuously and repeatedly fuck it up? I just don't understand it. I'm not saying systems development is easy. It just seems like most people who do systems development know it is difficult so they proceed with more caution and try to make sure they aren't fucking up. His attitude to handling bugs, ones which are severe enough to be issued a CVE, seems more like something you would expect from a web developer.

Attached: 1518386984683.jpg (780x658, 62K)

I hope so
I'm glad my nigga franklin isn't the subject of any digusting fetishes

> the fault isn't in the car. It's on the car seats which are entirely optional.
user your mental gymnastics have gotten you to the fucking olympics.

Time to switch to void, archfags

Thank God I'm on Windows/NT

Attached: dsk.jpg (6720x2160, 2.43M)

Guys i am using devuan right now.
Anyone know how to install runit?
I am much more familiar with that.

The should rewrite sytemd in rust to be desu

good thing literally no one uses ipv6

Never trust anyone stupid enough to write systems software in C.

The question should be What kind of a world we live in that allows this fraud to develop a cornerstone of the Linux ecosystem?
Let me remind people that Linux runs 99% of network communications (including most of the Web) and what percentage of critical systems is run from Linux is hard to say but surely it ain't close to 0.
All of it jeopardized because mo serious programmer wanted to develop a modern init system.
I had hopes the kernel community would take over but it seems they just do not want to touch the userspace even when dealing with something as important to a system as the init.

user if the rust community wasnt as shit i would have probably contributed to it and used it.
But so far it seems shitty people make shitty tools.
Are you using haiku now?

nice. very impressive.

Attached: wrong1.jpg (420x310, 22K)

NOTABUG, WONTFIX

Thats a good question too. Why the fuck does anyone put Systemd in their systems / distros? What possible reason would they have to replace some of the existing and proven init systems that have already been in use for decades for the bug ridden dumpster fire that is Systemd?

Yeah, I get service files are easier to write than SysV init scripts. But most SysV init scripts wind up being very similar. Hell, if someone hasn't already written one, it would be fairly easily to write a SysV init script generator.

Attached: 1539274217877.png (456x545, 247K)

Unfortunately, some programs are starting to depend on systemd components. For instance, Wayland requires logind (fucking why?). At least there's elogind for that case, but it's just a standalone fork of that component so it's still probably shit code.

year of desktop linux anytime now

Redox doesn't have this problem.

>overflows your buffer

kill 1
fixed

Attached: file.png (474x281, 180K)

So boys which is better runit or OpenRC?

I like runit. its v fast and comfy
wiki.voidlinux.eu/Runit

>in C
>butter overflow

TOP KEK

Hopefully this makes them consider Rust since they can't be trusted to write C.

I've never used Gentoo nor Void. Would I be able to use runit in Gentoo?

>pointer arithmetic is bad
>suggests buf, offset, and length instead
Stopped reading right there.

>void
but i don't have autism

>Hopefully this makes them consider Rust since they can't be trusted to write C.
>Incompetent programmers shouldn't program in C.
>They should stay incompetent, but in rust instead
Is this how you manage projects?

sounds like C is an objectively shit tool to use

Good thing I don't use systemd or IPv6.

Attached: 1531961597600.jpg (1270x1502, 223K)

At least, we truly see. The assholelery coming out of the systemd developers is what finally broke Torvalds.

Attached: 1362715807434.gif (142x142, 831K)

Why the fuck is a DHCP client even part of systemd?
I don't care whether or not that particular portion is part of the pid 1 systemd process, why is it even part of the project? Who though "yeah the current DHCP clients just don't work, we need yet another one"?

>DHCPv6
protocols nobody ever use

get off this weebsite

Yeah exactly. What was wrong with dhclient?

it's not systemd dbus networkmanager pulseaudio aware

Why does it need to be?

Lennart Pottering thought it was flawed because it wasn't made by the Systemd developers. Thats been pretty much his entire reasoning for everything that has been included in Systemd beside the init system, that it wasn't made by him.

Attached: 1520275684049.jpg (500x495, 101K)

The funny thing here is that wayland (specifically libweston, wayland is just the protocol) does all it's parsing like this.
It's all casts of unsanitized buffers to struct pointers and pointer arithmetics. I was really shocked the first time I opened libweston source code and found out it was written in the same style as libx11 from the 80s.

You can even install it on debian.

Pubes OS does not have this problem

>ipv6

based
cringe

Yeah, with pointer arithmetic, every time I see it in some codebase I just think "why?".
Why do this?
C should get fucking cleaned up from all of it's shit.
Basically I want something like go, but without garbage collection and a more optimized compiler.

fucking disgusting image, fuck u op

gotards are worse than ctards

You don't even program, so shut up, faggot.

>something like go, but without garbage collection and a more optimized compiler.
PASCAL

systemd is good they said. what could go wrong they said.

>>DHCPv6
>protocols nobody ever use
hackers use it to hack

The fuck? The only reason JS doesn't swap bytes is because the runtime does it first. Something has to do it, and that bridge code is probably written in C or C++. How exactly do they think it would happen otherwise? The absolute state of JStards

>self.kill
even better

there are several problems here
- redhat parasiting most important projects by making their employees work on them "freely" in order to completely control Linux systems' backbone
- most coders being passive spergs, therefore easily giving in to pressure to the average psychopath (potring is a psychopath: ego over 9000, abilities less than standard: perfect for the job)
- that arch linux diva problems (easy for the devs not for the users)
- the anarchy that stems from such projects. when there is no strong visionnary ruler, everything goes to shit after a while.

anyway switched to Devuan now. their main guy is a sjw but at least shit works.
I think nowadays, as important as reading the source code, one has to look at the curriculum of a new coder, and refuse the ones who are just in it for fame.

unfortunately the evidence does not support your claim.

Why is everyone on the Devuan bandwagon when there's comfy MX Linux, also w/o systemd and more up to date, that comes with some of their comfy tools?

> be me
> try MX
oh it's 2005 again !
devuan better, that's all

That makes no sense, what else would i expect from a normie brainlet.

> resorts to insult
opinion thrown in the gutter
thanks for showing your intellectual power next time, kiddo

How new are you here, faggot?

its really sad that this thing is running in almost every linux server in the world.