Gentoo Forums
The Politics of systemd Part 3

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 38637
Location: 56N 3W

Posted: Sun Jul 16, 2017 6:11 pm

steveL,

steveL wrote:
We don't hear about the ones from 30 or 40 years ago, because no-one still uses them ...

Here's a refresher.

It's all worth rereading, but the relevant part starts at Historical Detour: The Open Standards Steamroller
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

devilheart
l33t

Joined: 17 Mar 2005
Posts: 824
Location: Villach, Austria

Posted: Mon Jul 17, 2017 7:40 am

Naib wrote:

6th July reply...
https://lists.freedesktop.org/archives/systemd-devel/2017-July/039221.html


Why would a dot conflict with chown's syntax? User and group name are separated by a colon

Naib
Watchman

Joined: 21 May 2004
Posts: 5025
Location: Removed by Neddy

Posted: Mon Jul 17, 2017 8:43 am

devilheart wrote:
Naib wrote:

6th July reply...
https://lists.freedesktop.org/archives/systemd-devel/2017-July/039221.html


Why would a dot conflict with chown's syntax? User and group name are separated by a colon


I don't know, why would a dot conflict?

Is this a joke and Systemd is the punchline?


Some restrictions make sense and are needed... A username starting with . would result in the home directory being hidden. A username starting with - could be interpreted as an argument to a tool. Containing $ would result in the shell attempting to expand what follows... Whitespaces are naturally delimiters for coreutils & equally other symbols, e.g. :, are delimiters...

Everything else is just policy. It's only bad practice having a username that is all numbers since it could easily be mistaken (by humans...) to be a UID... Coreutils covers this by assuming what is provided is a username & falling back to UID.

It would not have taken much to improve the regex to ensure a minimum of one alphabetical character to mitigate an all-number username: [a-z_][a-z0-9_-]{1,31} becomes [a-z_]{1,1}[a-z0-9_-]{1,30}, but well... PRIDE, and that is the biggest issue with Systemd.

The architecture is questionable, the implementation is debatable but my biggest issue with it is how they deal with issues. As I tell my engineers at work... We all make mistakes, that's not a problem, it's how you deal with it that counts & how Poettering deals with it stinks. EWONTFIX is just so wrong.

It says something when the kernel has to implement something because quote: I can no longer trust init to do the right thing, which means systemd fuckups are affecting system stability (so the kernel needs to consider stupid outside its sandbox...) & more to the point EWONTFIX
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king

Zucca
l33t

Joined: 14 Jun 2007
Posts: 886
Location: KUUSANKOSKI, Finland

Posted: Mon Jul 17, 2017 9:00 am

Naib wrote:
but well... PRIDE and that is the biggest issue with Systemd.
Did you mean to say COURAGE? ;)
_________________
..: Zucca :..
This space is not for rent.

depontius
Advocate

Joined: 05 May 2004
Posts: 3231

Posted: Mon Jul 17, 2017 4:06 pm

Zucca wrote:
Naib wrote:
but well... PRIDE and that is the biggest issue with Systemd.
Did you mean to say COURAGE? ;)


Or do you mean, "Soup"? (Big Bang Theory reference)
_________________
.sigs waste space and bandwidth

gwr
Apprentice

Joined: 19 Nov 2014
Posts: 194

Posted: Tue Jul 18, 2017 12:44 pm

steveL wrote:
At this point, I simply "cannot word", either.


I started a thing. Awesome.

Quote:
he's "Not sure I follow," he goes on to whine about how he "would have preferred if glibc wouldn't regress on this without more consideration."


This is the fundamental problem in all of this. He doesn't understand the domain, but wants everyone else to clean up his mess.

krinn
Watchman

Joined: 02 May 2003
Posts: 5763

Posted: Tue Jul 18, 2017 2:22 pm

Naib wrote:
https://lkml.org/lkml/2017/7/6/577
Linus wrote:
And yes, a large part of this may be that I no longer feel like I can
trust "init" to do the sane thing. You all presumably know why.

Golden quote naib :)

steveL
Advocate

Joined: 13 Sep 2006
Posts: 4776
Location: The Peanut Gallery

Posted: Tue Jul 18, 2017 2:34 pm

steveL wrote:
At this point, I simply "cannot word", either.
gwr wrote:
I started a thing. Awesome.
Heh, indeed. I found myself abruptly bewildered at the stupidity, and had no way to articulate the induced moment of brain-freeze.. and what you'd written suddenly made overwhelming sense.
Quote:
This is the fundamental problem in all of this. He doesn't understand the domain, but wants everyone else to clean up his mess.
++
He's a jack-of-all-trades, and we all know the flipside of that. He seems to think because "it's all code", it's all the same, and has no clue about what a "domain specialist" means; he just rides roughshod over the subtleties of their discussion, and then, as you say, expects everyone else to clean up the mess.

It's the difference between a "software engineer", and a "software developer". There are all kinds of roles around software, but they have to bear in mind that the product is an engineered one, not an aesthetic choice. It's about the results, not "the experience".
I shudder to think at an electrical components firm run so shoddily, with no regard for things like resistance; they simply would not get anywhere.
Yet we're expected to acquiesce in the frankly delusional plans of a software house with no apparent understanding of things like coupling and modularity.

Imagine Kirk leaning to Scotty, asking him to "break the laws of physics", and Scotty simply nodding along with an inane grin on his face. "Aye, Cap'n, that's nae bother.."

Engineers are supposed to be detail-oriented, focussed, and always worried about what might go wrong; not blase about the prospect of total failure (like giving away root to an "invalid" uid.)
Humility comes with the electric shocks. ;)

At this point, I've come to idly wish that any black-hats would simply get on and use the exploits already: it's only when his software is pinpointed as the enabling vector of a critical attack on a major bindist, with real-world economic consequences, that Poettering is finally going to get the software equivalent of his first electric shock from mains.

Fitzcarraldo
Veteran

Joined: 30 Aug 2008
Posts: 1282
Location: United Kingdom

Posted: Tue Jul 18, 2017 2:35 pm

krinn wrote:
Naib wrote:
https://lkml.org/lkml/2017/7/6/577
Linus wrote:
And yes, a large part of this may be that I no longer feel like I can
trust "init" to do the sane thing. You all presumably know why.

Golden quote naib :)

Hmm... Perhaps he has changed his mind a bit since DebConf 14.
_________________
Clevo W230SS: amd64, OpenRC, nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64, OpenRC, xf86-video-ati, dual booting with Win 7 Pro 64-bit.
KDE on both laptops.

Fitzcarraldo's blog

Tony0945
Veteran

Joined: 25 Jul 2006
Posts: 1908
Location: Illinois, USA

Posted: Tue Jul 18, 2017 2:42 pm

steveL wrote:
It's the difference between a "software engineer", and a "software developer". ...

Pure Gold, Steve.

IOW, the difference between a professional and a hack.

Zucca
l33t

Joined: 14 Jun 2007
Posts: 886
Location: KUUSANKOSKI, Finland

Posted: Tue Jul 18, 2017 9:29 pm

krinn wrote:
Naib wrote:
https://lkml.org/lkml/2017/7/6/577
Linus wrote:
And yes, a large part of this may be that I no longer feel like I can
trust "init" to do the sane thing. You all presumably know why.

Golden quote naib :)
I'm tempted to put that quote in my sig... But I'll play safe. I don't want to start (yet another) flame war.
But golden it is. I'd almost categorize it as "pure diamonds", however...

Fitzcarraldo
Veteran

Joined: 30 Aug 2008
Posts: 1282
Location: United Kingdom

Posted: Wed Jul 19, 2017 10:43 pm

Fitzcarraldo wrote:
krinn wrote:
Naib wrote:
https://lkml.org/lkml/2017/7/6/577
Linus wrote:
And yes, a large part of this may be that I no longer feel like I can
trust "init" to do the sane thing. You all presumably know why.

Golden quote naib :)

Hmm... Perhaps he has changed his mind a bit since DebConf 14.

Or perhaps not: Systemd vs. the Linux Kernel:

Bruce Byfield wrote:
Clearly, Torvalds sees a persistent pattern in the behavior of systemd developers that makes them unworthy of his trust.

Naib
Watchman

Joined: 21 May 2004
Posts: 5025
Location: Removed by Neddy

Posted: Mon Jul 24, 2017 6:19 am

https://www.theregister.co.uk/2017/07/24/underscore_domain_name_bug/

https://github.com/systemd/systemd/issues/6426

They really can't do DNS...

mike155
Apprentice

Joined: 17 Sep 2010
Posts: 152
Location: Frankfurt, Germany

Posted: Mon Jul 24, 2017 8:54 am

Even worse: they shouldn't do DNS at all - and they don't listen:

Paul Vixie wrote:
[...]it is unwise for dns outsiders to treat dns as something they can implement in passing and then forget about.
far better that dns outsiders find a common library dependency and use it.[...]

https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014954.html

I absolutely agree with Paul Vixie here.

Zucca
l33t

Joined: 14 Jun 2007
Posts: 886
Location: KUUSANKOSKI, Finland

Posted: Mon Jul 24, 2017 9:42 am

Lennart wrote:
We need to validate the input we get, that's security 101. And POSIX
is *not* a good standard to strictly follow here and use for
validating user names, because it's *very* underdefined:

- It permits fully numeric names
- It makes no size restrictions (strictly reading the spec even permits
  zero-length usernames!)
- It permits dots, which is conflicting with traditional chown syntax
- It permits dots at the beginning of usernames (which is dangerous
  security-wise as this permits users to hide home directories)
- It permits naming users "-", which is often used as special "does
  not apply" like value

Now, because this is so weakly defined, we hence do not follow POSIX
rules, but filter out more that might be dangerous. Specifically:

1. We do not permit empty usernames
2. We don't permit the first character to be numeric
   (This also filters out fully numeric user names)
3. We do not permit dots in usernames, neither at the beginning nor in
   the middle.
4. We do not permit "-" at the beginning of usernames (something which
   POSIX explicitly suggests, btw)
5. We require that the user name fits in the utmp user name field, so
   that we can always log properly about it.

Note that this isn't even as strict as other systems go. For example,
we do permit uppercase characters, and we do permit underscores.

Although there is some sense in these rules and I agree that POSIX is too loose in some places.
But...
”3. We do not permit dots in usernames, neither at the beginning nor in the middle.”
I wonder how many people have their username as "<forename>.<surname>" ..?

And that ”traditional chown syntax” totally dropped me. Have I missed something somewhere?

And that underscore_domain_name_bug... Maybe they should hand out and split DNS stuff to someone who knows the sh*t? But I guess that's against the traditional systemd ideology of "MERGE EVERYTHING"...

Yamakuzure
Advocate

Joined: 21 Jun 2006
Posts: 2028
Location: Bardowick, Germany

Posted: Mon Jul 24, 2017 11:10 am

My new favourite. :lol:
_________________
elogind
(elogind) - [TRACKER] sys-auth/elogind - Integration into Gentoo
"A conservative is a man who is too cowardly to fight and too fat to run."
-- Elbert Hubbard

krinn
Watchman

Joined: 02 May 2003
Posts: 5763

Posted: Mon Jul 24, 2017 11:38 am

Naib wrote:
https://github.com/systemd/systemd/issues/6426
They really can't do DNS...


Note the
Quote:
Please note that the hostname that appears in the logs is not ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net but ipv61-cxl0-c088.1.lhr004.ix.nflxvideo.net


Which is, in my mind, worse, as it again shows that when systemd is facing an unknown/error they have a habit of changing the input instead of dealing with what they are facing.
There's a difference between a bug that would crash or stop on error because for you "this_dns" is not valid; but seeing that it doesn't crash/stop but swaps "this_dns" to "thisdns" because no "_" should exist in it (for them) is really really freaking.

What if "my_system.com" gets resolved silently to "mysystem.com" because this time a "mysystem.com" exists? That's a serious issue.
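
The concern raised in this post, modelled as an added example that is not part of the thread and is not systemd-resolved's code: a handler that drops unexpected bytes and carries on, beside one that uses the name byte for byte or rejects it. The function names are assumptions made for the illustration; the host names in the comments and `main` are the ones quoted in the post.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static bool is_ldh(char c) { /* letter, digit or hyphen */
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Lossy handling: silently drop every byte that is not a letter, digit,
 * '-' or '.', then continue with whatever is left. */
static void strip_unexpected(const char *in, char *out, size_t outsz) {
    size_t j = 0;
    for (size_t i = 0; in[i] != '\0' && j + 1 < outsz; i++)
        if (is_ldh(in[i]) || in[i] == '.')
            out[j++] = in[i];
    out[j] = '\0';
}

/* Strict handling: the name is accepted unchanged or rejected, never edited.
 * Limits: 253 bytes total, labels of 1..63 bytes, no trailing dot.
 * '_' is accepted: DNS names may contain it even though RFC 1123 host
 * names may not. */
static bool dns_name_ok(const char *name) {
    size_t total = strlen(name), label = 0;
    if (total == 0 || total > 253) return false;
    for (size_t i = 0; i <= total; i++) {
        char c = name[i];
        if (c == '.' || c == '\0') {
            if (label == 0 || label > 63) return false;
            label = 0;
        } else if (is_ldh(c) || c == '_') {
            label++;
        } else {
            return false;
        }
    }
    return true;
}

/* True when lossy handling would look up (and log) a name that differs
 * from the one the caller asked for, e.g. my_system.com -> mysystem.com. */
static bool lossy_changes_name(const char *asked) {
    char used[254];
    strip_unexpected(asked, used, sizeof used);
    return strcmp(asked, used) != 0;
}

int main(void) {
    const char *asked = "ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net";
    char used[254];
    strip_unexpected(asked, used, sizeof used);
    printf("asked:  %s\nlossy:  %s (changed: %d)\nstrict: %s\n", asked, used,
           lossy_changes_name(asked),
           dns_name_ok(asked) ? "accepted unchanged" : "rejected");
    return 0;
}
```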

mrbassie
Guru

Joined: 31 May 2013
Posts: 478

Posted: Mon Jul 24, 2017 12:37 pm

Yamakuzure wrote:
My new favourite. :lol:


That was a fun read.

It did just occur to me that perhaps this 0day user name thing is actually lenny's reimplementation of sudo. No need anymore for sudoers cluttering up /etc and wasting a colossal few k of important disk space, just have a number in your username and you're done. No need to bother typing sudo and a password is a happy bonus.
As long as nobody but admins knows it's not a problem, right? So sshhhhhh everybody (also not a bug, semi-secret sudod announcement coming soon).

Zucca
l33t

Joined: 14 Jun 2007
Posts: 886
Location: KUUSANKOSKI, Finland

Posted: Mon Jul 24, 2017 3:40 pm

Yamakuzure wrote:
My new favourite. :lol:
It's like doing ↑↑↓↓←→←→BA or iddqd. Invincibility. But in case of systemd, the cheat bounces from you like from a mirror straight to your enemy: M. Bison won. KO!.

mv
Watchman

Joined: 20 Apr 2005
Posts: 5680

Posted: Tue Jul 25, 2017 1:04 pm

Zucca wrote:
And that ”traditional chown syntax” totally dropped me. Have I missed something somewhere?

I am not able to see whether your question is rhetorical, so I am answering it as a serious question:
Quite some chown implementations (including GNU's) accept "." instead of ":" as separator between name and group.

Tony0945
Veteran

Joined: 25 Jul 2006
Posts: 1908
Location: Illinois, USA

Posted: Tue Jul 25, 2017 1:06 pm

Thanks mv, I for one was not aware of that. Very Windowy.

Zucca
l33t

Joined: 14 Jun 2007
Posts: 886
Location: KUUSANKOSKI, Finland

Posted: Tue Jul 25, 2017 1:58 pm

mv wrote:
Zucca wrote:
And that ”traditional chown syntax” totally dropped me. Have I missed something somewhere?

I am not able to see whether your question is rhetorical, so I am answering it as a serious question:
Quite some chown implementations (including GNU's) accept "." instead of ":" as separator between name and group.
It was a real serious question. And I sure didn't know chown would accept "." in place of ":". :o

strites
Tux's lil' helper

Joined: 28 Mar 2005
Posts: 85

Posted: Tue Jul 25, 2017 3:25 pm

not a bug
https://nvd.nist.gov/vuln/detail/CVE-2017-1000082

depontius
Advocate

Joined: 05 May 2004
Posts: 3231

Posted: Tue Jul 25, 2017 4:06 pm

strites wrote:
not a bug
https://nvd.nist.gov/vuln/detail/CVE-2017-1000082


This might be fun. The systemd developers and fanbois have bullied every element of resistance so far. I think the so-far irresistible force has found its immovable object in the NIST.

tld
Veteran

Joined: 09 Dec 2003
Posts: 1180

Posted: Tue Jul 25, 2017 4:46 pm

You know...it seems to me that proper analysis of how you handle error conditions is sort of programming 101. Not even actually...more like just plain old common sense. That is, maybe put a little thought into the ramifications of your error handling. That concept is just totally lost on these jackasses: Don't like a user name starting with a digit, run as root. Don't like underscores in DNS names, remove them, thus guaranteeing that the name you're trying to resolve is wrong, and also guaranteeing that you're going to hide the core issue in any logging!

It's as if they think that some supposed "sanitizing" of input is a magic bullet, even if that's in fact causing and even hiding the problems. How are these people even employed?

Tom
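
The error-handling point made in this post, applied to the five username rules quoted earlier in the thread, as an added example that is not part of the thread and is not systemd's code: the same rejected `User=` line handled fail-open and fail-closed. The unit text, `load_unit`, `runs_as`, the 32-byte field size and the permitted character set are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD 32 /* assumed size of the utmp user name field */

/* Constructed unit text; "0day" is the kind of name the thread jokes about. */
static const char UNIT_BAD[]  = "[Service]\nExecStart=/usr/bin/example\nUser=0day\n";
static const char UNIT_GOOD[] = "[Service]\nExecStart=/usr/bin/example\nUser=www_data\n";

struct service { char user[NAME_FIELD]; }; /* "" = no User= applied */

/* Rules 1-5 as quoted in the thread. Letters, digits, '_' and '-' as the
 * only permitted bytes is an assumption; it is what rejects '.' (rule 3). */
static bool name_ok(const char *u, size_t n) {
    if (n == 0 || n >= NAME_FIELD) return false;                    /* rules 1, 5 */
    if ((u[0] >= '0' && u[0] <= '9') || u[0] == '-') return false;  /* rules 2, 4 */
    for (size_t i = 0; i < n; i++) {
        char c = u[i];
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok) return false;
    }
    return true;
}

/* Hypothetical loader. strict=false: a rejected User= line is skipped and
 * loading continues. strict=true: the unit is refused (returns -1). */
static int load_unit(const char *text, bool strict, struct service *s) {
    s->user[0] = '\0';
    for (const char *line = text; *line != '\0'; ) {
        size_t len = strcspn(line, "\n");
        if (len >= 5 && strncmp(line, "User=", 5) == 0) {
            size_t vlen = len - 5;
            if (name_ok(line + 5, vlen)) {
                memcpy(s->user, line + 5, vlen);
                s->user[vlen] = '\0';
            } else if (strict) {
                return -1; /* fail closed: nothing gets started */
            } /* else fail open: the identity silently stays at the default */
        }
        line += len + (line[len] == '\n' ? 1 : 0);
    }
    return 0;
}

/* With no User= applied, the service inherits the manager's identity. */
static const char *runs_as(const struct service *s) {
    return s->user[0] != '\0' ? s->user : "root";
}

int main(void) {
    struct service s;
    int rc = load_unit(UNIT_BAD, false, &s);
    printf("fail-open:   rc=%d, runs as %s\n", rc, runs_as(&s));
    rc = load_unit(UNIT_BAD, true, &s);
    printf("fail-closed: rc=%d, unit refused\n", rc);
    return 0;
}
```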