Fucking Systemd

systemd claims another victim
Thanks Pottering.
relevant
https://superuser.com/questions/1153203/ubuntu-17-04-systemd-resolved-dns-lookups-randomly-fail

I'd just like to interject for moment. What you're refering to as Linux, is in fact, systemd/Linux, or as I've recently taken to calling it, systemd plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning systemd system made useful by the systemd corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the systemd system every day, without realizing it. Through a peculiar turn of events, the version of systemd which is widely used today is often called Linux, and many of its users are not aware that it is basically the systemd system, developed by the systemd Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the systemd operating system: the whole system is basically systemd with Linux added, or systemd/Linux. All the so-called Linux distributions are really distributions of systemd/Linux!

>>2
It's systemd/Magenta now, Linux is so decrepit.

What programming language is this?

The time of GNU/Hurd has finally come.

>>3
Magenta will replace the bloated stinking Linux turd with a small and efficient diamond.

>>4
https://atom.io/packages/language-systemd

https://github.com/systemd/systemd/issues/4315

>>8
1.Bug existed for YEARS
2.Pottering dodges all reasonable arguments
3.Issue is closed
4.Ubuntu since 16.10(and 17.04) comes with broken DNS

https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014964.html
It uses nsswitch to basically take over gethostbyname*() and
getaddrinfo(). This means any software using a DNS library like ldns,
unbound, bind, knot, etc bypasses this system and gets an inconsistent
DNS view from the rest of the system. It explictely does not support
those kind of applications. Due to its issues below, this is a problem
for applications insisting on DNSSEC answers (eg postfix). It does not
supply a "local DNS server" that those dns libraries could use to get
a consistent view

>Ebin XML monstrosity
The process turns a request for binary DNS data into into XML, feeds it
into the sytemd/dus ecosystem, which turns it into binary DNS to send
it to the forwarder. The binary DNS answer then gets turned into XML
goes through systemd/dbus, then is turned back into binary DNS to feed
back into glibc. Apart from errors in this process, like last year's
CVE on cache poisoning attacks, this means the systemd people need to
very actively maintain their code whenever a new feature or RRTYPE is
added to the DNS protocol. Maintenance and bugfixes is not systemd's
strong point. This architecture is overly complex and unneccessary.

>>11
systemd is ENTERPRISE QUALITY

systemd-resolved could be made to crash or run programs if it received a specially crafted DNS response.

https://news.ycombinator.com/item?id=14652787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445

why the fuck does an init system have its own DNS resolver? also, who the fuck does DNS with XML?

>>14
I sometimes wonder if Lennart is secretly paid by MS to insert shitware into Linux ecosystem.

>>15
You don't need to pay people like him, you only need to feed their ego and encourage them. That's what makes them so great!

In 2011 Poettering, one of the main developers of PulseAudio, praised the Windows and MacOS audio stacks as "more advanced"
“With systemd, we really tried hard to look around at other operating systems and while we focus mostly on Unix-like operating systems, we also spent a lot of time looking at Windows to find some interesting idea there.”

>>15
Nope, it's the NSA.

Systemd is turdware. Linux is turdware, making it a turd-coated turd.

>>15
Poettering (Poettered, Poetter): to replace a simple working system with a complex error-prone one. See also: second-system effect.

Poettering is my personal hero, finally after these years somebody is killing the GNU/Linux monster.

>>21
Microsoft is already working on it. Need more time.

>>22
Microsoft doesn't even have a C11 compiler.

>>23 Worse
Now, the Visual C++ compiler team receives the occasionally question as to why we haven’t implemented C99. It’s really based on interest from our users. Where we’ve received many requests for certain C99 features, we’ve tried to implement them (or analogues). A couple examples are variadic macros, long long, __pragma, __FUNCTION__, and __restrict. If there are other C99 features that you’d find useful in your work, let us know! We don’t hear much from our C users, so speak up and make yourselves heard

https://stackoverflow.com/questions/44430141/missing-c11-strerrorlen-s-function-under-msvc-2017
MS is stuck with C89

Systemd gives root to any account with a user name starting with a number
https://github.com/systemd/systemd/issues/6237
clearly not a bug

>>26

if the username is valid but the user doesn't exist we'll let the unit fail on start. If the username is already invalid syntax-wise we'll log about it but proceed.

That was PERL QUALITY input validation!

>>25

That being said, the function you ask for is part of the optional bounds-checking interface, which I believe very few, if any, compilers have yet implemented.

Why is this called a bounds-checking interface? Do any of these retards know what bounds-checking means? It should be called brain-damaged bullshit.

>>26
why does he say that usernames starting with numbers are invalid? what standard says they are?

>>29
Its irrelevant if the username is valid or not. It gives you root.
Its like complaining exploit writes choose invalid length of buffer.

>>30
I think he's arguing that the bug is not on his side - if the username is truly invalid then the operating system should reject any attempts at creating it (for example I'm pretty sure that you could cause bugs in a lot of Linux software by having anything other than printable ASCII chars in your username, but nobody would complain about that because the OS won't allow such a name).

>>9
This algorithm solves nearly 100% of systemd bugs.
>>31
Relying on other components and NOT VALIDATING input is retarded.
You can't be sure there no loophole to create some invalid "OS won't allow" thing,
instead you assume every component is compromised and work from that.
Its like babby-tier computer security("we only work with valid inputs or undefined behavior")

>>32
to add this could be fixed with a single test isdigit(username[0]) which will detect
the username starting with digit. (<ctype.h> isdigit())
Its not like this test is some performance sapping subroutine(like floating point exceptions).
But instead of fixing such simple problem he dodges the responsibility and closes the issue.

Poettering just announced he's switching over to Rust and rewriting systemd in it.

>>34
if it ain't broke, don't fix it

>>32,33
yes and no. there are certain assumptions you have to make when it comes to security ('attacker doesn't have root access to the device' is a reasonable assumption, you just can't be secure if he has). the big one when it comes to security on *nix is that a username will not contain :. if username with : would be accepted, you'd break anything that relies on the contents /etc/passwd and /etc/shadow. this isn't a bug though as such usernames won't be accepted and only root can edit those files directly.

on the other hand, an assumption that a username won't start with a digit is retarded because there's nothing in POSIX standard or common *nix practice that says they won't.

https://www.phoronix.com/scan.php?page=news_item&px=Systemd-Mount

>>37 Embrace, Extend, Extinguish.
http://blog.fpmurphy.com/2014/04/system-d-and-etcfstab.html

>>38
I'm shocked it uses ini format and not xml

>>39
To sweeten the poison, it will switch to xml someday with text as "legacy option".

>>40
Not just any regular XML, semantic binary XML compressed with Brotli and stored in a distributed database using blockchain technology. The wysiwyg editor will be reminiscent of a cross between regedit.exe from Windows 95 and the original Bitcoin Wallet, but it will be written in a combination of Node.js and Rust, with 95% of the Rust code inside of unsafe blocks.

>>41
Heya!

We have recently put up the web site for All Systems Go! 2017, the
successor conference for systemd.conf, with a broader focus, and a
larger audience. systemd will play a major role, but it's hopefully
going to be just one of many projects presented.

All Systems Go! 2017 will take place in Berlin, Germany, on Oct
21./22. Please mark these days in your calendars!

We'll open the CfP soon, for now if you are looking for more
information, please have a look at our web site:

https://all-systems-go.io/

You may already buy tickets, and if you do you can take benefit of the
special Early Bird offer!

Lennart

--
Lennart Poettering, Red Hat