It's over, systemd is finished.
System Down: A systemd-journald exploit
Cameron Ross
Other urls found in this thread:
youtu.be
without-systemd.org
seclists.org
twitter.com
Evan Bell
I've got openSUSE Tumbleweed. Am I safe? Is that also compiled with GCC's -fstack-clash-protection?
Parker Green
>Trusting Lennart who studied at University of Hamburg and who is literally working for the NSA
Austin Peterson
Better install a systemdless distro just to be safe.
Luke Hernandez
It'll still crash, and the whole design is still one giant clusterfuck :^)
Jacob Richardson
imagine my shock
btw before openrc shills hop on this (not that it's terrible), consider s6
Thomas Morales
thread theme: youtu.be
Ryder Green
Install /ourdistro/
or void
or Gentoo
or MX Linux
or anything without this shit.
>s6
what actually uses it?
Juan Parker
>inb4 WONTFIX
Jace Peterson
Or Artix, so you can still be a living arch meme, while using OpenRC or runit.
Eli Carter
arch is cancer, systemdildo or not
Juan Bell
currently on arch, which distro should i switch to, Im thinking devuan.
Jack Ramirez
FreeBSD
Grayson Robinson
Just hope over to Artix so you can be comfy and have the runit experience. Literally all you have to do is add some repos and install/remove some packages.
Andrew Johnson
why
Juan Cooper
Thank fuck I use Devuan.
Devuan is excellent if you do a minimal installation.
Easton Hall
How big is the risk?
Dominic Lopez
Basically all you have to do is spam syslog with a bunch of shit and cause memory leaks, so it's a pretty simple exploit to use.
Luke Anderson
It's that fucking easy? Holy shitware, batman. dime for em egxs linugs :::DDDD
Ethan Cooper
BASED SYSTEMD DABING ON THOSE LINUX NERDS
Jaxson Long
>Fedora 28 and 29 are not exploitable because their user space is compiled with
GCC's -fstack-clash-protection.
Fedorabros win again
Gabriel Russell
Systemd-Journald?
Moar liek:
Systemd-Rektd
Robert Harris
>Suse and recent Fedoras not vulnerable
>No mention of Arch
Archfags BTFO
Charles Williams
Unless you compile your distro properly
Noah Butler
can you just add that to make.conf on gentoo
Henry Bailey
GuixSD with Shepherd doesn't have this problem.
Hudson Harris
I would imagine so. Advantages of Gentoo. Although if you're on Gentoo, why would you want systemd?
Hudson Morris
For anyone that wants to know why systemd blows so hard:
without-systemd.org
Devuan is a slick alternative to those familiar with debian-based distros.
Jose Torres
Is there a vector to exploit this remotly or is this only local privilege escalation
Xavier Moore
I'm not worried. Systemd has proven time and again that it's a high quality piece of software. After all, we don't say Linux is a low quality kernel just because exploits are discovered. The professionals at Red Hat will assuredly fix the issue and we will move on.
Ian Howard
>After all, we don't say Linux is a low quality kernel just because exploits are discovered
we do
Jackson Campbell
if you allowed this clusterfuck to run on your machine, you deserve that's coming for you!
Henry Evans
good taste
Bentley Lopez
Exploit? Feh, not a bug.
Also he is of communist East German heritage.
Gabriel King
ignore artix shills, arch is and will always be garbage. If you want something better than arch but with somewhat similar functionality, try Void.
If you want to go the full mile, try Gentoo.
David Miller
The "not a bug" man did it again.
William Perry
Guess I know what I'm doing when I get home. Is Void a meme or nah? Using Arch (btw).
Carter Gonzalez
I installed Devuan on one PC here last weekend. Tomorrow I do the other
Lincoln Martinez
what is wrong with arch? do I use buntu?
Ian Rivera
I went the full two miles and use Chrome OS.
Jose Kelly
Install Gentoo.
Matthew Fisher
>writing software in C
you deserved it
Jacob Jenkins
Prajeet do
Logan Jones
>Those System of a Down lyrics in the analysis sections
Absolutely based. Top taste in SoaD tracks.
Noah Ross
Void is a tiny independent distro. Has very little manpower but somehow managed to survive when even its creator decided to don't give a fuck anymore and dissapear. It might or might not work for you. For me, it had a weird bug that completely froze the computer at random with no signs, no logs, no nothing so I could not give a care about it and dropped it.
Brody Murphy
Anyone do a pci passthrough on devaun?
Chase Roberts
Should've written it in Rust
Camden Barnes
This. Addressing "security vulnerabilities" in C programs is merely treating the symptoms.
Jacob Roberts
>write it in sjw guys
Benjamin Scott
But isn't Poettering one himself?
Lincoln Cooper
Yes which is honestly why I'm surprised he didn't,
Jordan Turner
Highly recommended desu. Have a desktop and a thinkpad with Devuan installed. Boot times are a hell of a lot longer than with systemd, sadly, but if my machines are more secure, then it's worth it.
>look mom, I posted it again
Lucas Gray
>seclists.org
TRANSLATION
We decided to see if we could fuck up systemd and exploit it so we sat at a computer for 3 years angrily bashing keys as we hate systemd
We finally exploited it and we can hack your computer too if you invite us to your home and let us fuck your computer up.
It's a pretty useless attack as you have to be root to do it and have access to the keyboard.
We are twats
thank you
oh and we haet systemd
Jaxon James
INGURAND COOMMING HOMMEEE
SCORE SUM FUACKINNG CVE
YEAHH FUCK SYSTEMD AND FUCK THE GERMANS
Colton Evans
Why do Cniles automatically assume it's either C or Rust?
Wyatt Walker
Because when someone bitches about C it's a rust npc 90% of the time.
Zachary Jackson
No, that's just a convenient strawman to avoid addressing the glaring issue that C is simply the wrong language for safety-critical code, yet it's still used for it.
Grayson King
Whats up with this autistic "system of a down" quotes?
Kevin Hall
> as you have to be root
Lolno.
Jayden Carter
No it's just the truth
Kayden Richardson
>using this instead of these
Landon Sullivan
Germans did nothing wrong!
Matthew Walker
the systemd journald sockets are all root.