It's over, systemd is finished.
System Down: A systemd-journald exploit
Other urls found in this thread:
youtu.be
without-systemd.org
seclists.org
twitter.com
I've got openSUSE Tumbleweed. Am I safe? Is that also compiled with GCC's -fstack-clash-protection?
>Trusting Lennart who studied at University of Hamburg and who is literally working for the NSA
Better install a systemdless distro just to be safe.
It'll still crash, and the whole design is still one giant clusterfuck :^)
imagine my shock
btw before openrc shills hop on this (not that it's terrible), consider s6
thread theme: youtu.be
Install /ourdistro/
or void
or Gentoo
or MX Linux
or anything without this shit.
>s6
what actually uses it?
>inb4 WONTFIX
Or Artix, so you can still be a living arch meme, while using OpenRC or runit.
arch is cancer, systemdildo or not
currently on arch, which distro should i switch to, Im thinking devuan.
FreeBSD
Just hope over to Artix so you can be comfy and have the runit experience. Literally all you have to do is add some repos and install/remove some packages.
why
Thank fuck I use Devuan.
Devuan is excellent if you do a minimal installation.
How big is the risk?
Basically all you have to do is spam syslog with a bunch of shit and cause memory leaks, so it's a pretty simple exploit to use.
It's that fucking easy? Holy shitware, batman. dime for em egxs linugs :::DDDD
BASED SYSTEMD DABING ON THOSE LINUX NERDS
>Fedora 28 and 29 are not exploitable because their user space is compiled with
GCC's -fstack-clash-protection.
Fedorabros win again
Systemd-Journald?
Moar liek:
Systemd-Rektd
>Suse and recent Fedoras not vulnerable
>No mention of Arch
Archfags BTFO
Unless you compile your distro properly
can you just add that to make.conf on gentoo
GuixSD with Shepherd doesn't have this problem.
I would imagine so. Advantages of Gentoo. Although if you're on Gentoo, why would you want systemd?
For anyone that wants to know why systemd blows so hard:
without-systemd.org
Devuan is a slick alternative to those familiar with debian-based distros.
Is there a vector to exploit this remotly or is this only local privilege escalation
I'm not worried. Systemd has proven time and again that it's a high quality piece of software. After all, we don't say Linux is a low quality kernel just because exploits are discovered. The professionals at Red Hat will assuredly fix the issue and we will move on.
>After all, we don't say Linux is a low quality kernel just because exploits are discovered
we do
if you allowed this clusterfuck to run on your machine, you deserve that's coming for you!
good taste
Exploit? Feh, not a bug.
Also he is of communist East German heritage.
ignore artix shills, arch is and will always be garbage. If you want something better than arch but with somewhat similar functionality, try Void.
If you want to go the full mile, try Gentoo.
The "not a bug" man did it again.
Guess I know what I'm doing when I get home. Is Void a meme or nah? Using Arch (btw).
I installed Devuan on one PC here last weekend. Tomorrow I do the other
what is wrong with arch? do I use buntu?
I went the full two miles and use Chrome OS.
Install Gentoo.
>writing software in C
you deserved it
Prajeet do
>Those System of a Down lyrics in the analysis sections
Absolutely based. Top taste in SoaD tracks.
Void is a tiny independent distro. Has very little manpower but somehow managed to survive when even its creator decided to don't give a fuck anymore and dissapear. It might or might not work for you. For me, it had a weird bug that completely froze the computer at random with no signs, no logs, no nothing so I could not give a care about it and dropped it.
Anyone do a pci passthrough on devaun?
Should've written it in Rust
This. Addressing "security vulnerabilities" in C programs is merely treating the symptoms.
>write it in sjw guys
But isn't Poettering one himself?
Yes which is honestly why I'm surprised he didn't,
Highly recommended desu. Have a desktop and a thinkpad with Devuan installed. Boot times are a hell of a lot longer than with systemd, sadly, but if my machines are more secure, then it's worth it.
>look mom, I posted it again
>seclists.org
TRANSLATION
We decided to see if we could fuck up systemd and exploit it so we sat at a computer for 3 years angrily bashing keys as we hate systemd
We finally exploited it and we can hack your computer too if you invite us to your home and let us fuck your computer up.
It's a pretty useless attack as you have to be root to do it and have access to the keyboard.
We are twats
thank you
oh and we haet systemd
INGURAND COOMMING HOMMEEE
SCORE SUM FUACKINNG CVE
YEAHH FUCK SYSTEMD AND FUCK THE GERMANS
Why do Cniles automatically assume it's either C or Rust?
Because when someone bitches about C it's a rust npc 90% of the time.
No, that's just a convenient strawman to avoid addressing the glaring issue that C is simply the wrong language for safety-critical code, yet it's still used for it.
Whats up with this autistic "system of a down" quotes?
> as you have to be root
Lolno.
No it's just the truth
>using this instead of these
Germans did nothing wrong!
the systemd journald sockets are all root.