On 29/10/2018 18:37, Daniel Taylor wrote:
On 10/27/18 2:38 PM, Steve Litt wrote:
On Sat, 27 Oct 2018 14:24:22 +0200
info at smallinnovations dot nl <i...@smallinnovations.nl> wrote:

Not my words, although I agree fully with them:
https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/
"The overflow can be triggered relatively easy by advertising a DHCPv6
server with a server-id >= 493 characters long," Wilhelm noted.

They say: You must use systemd because sysvinit is soooooo old.

I say: You must use strncpy()/strncat() because strcpy()/strcat() are
    soooooo old.


What's it been now, 30 years since the strn versions of those
commands have been around? You'd think they'd have taken that in and
adopted it by now. But nooooooooooooooooooooooooo!


My first thought: you're kidding.
My second thought: what if they're not kidding?
My third thought: let's look...

dtaylor@boti:~/src/systemd$ find . -type f -exec grep -il strcat {} \;
./src/basic/unit-name.c
dtaylor@boti:~/src/systemd$ find . -type f -exec grep -il strcpy {} \;
./src/nss-mymachines/nss-mymachines.c
./src/libsystemd/sd-bus/test-bus-marshal.c
./src/libsystemd/sd-bus/bus-internal.h
./src/time-wait-sync/time-wait-sync.c
./src/nss-systemd/nss-systemd.c
./src/network/networkd-ndisc.c
./src/network/networkd-network.c
./src/portable/portable.c
./src/shared/import-util.c
./src/shared/dissect-image.c
./src/shared/bus-unit-util.c
./src/shared/clean-ipc.c
./src/shared/firewall-util.c
./src/machine/machinectl.c
./src/basic/time-util.c
./src/basic/khash.c
./src/basic/escape.c
./src/basic/json.c
./src/basic/path-util.h
./src/basic/cap-list.c
./src/basic/cgroup-util.c
./src/basic/path-util.c
./src/basic/fileio.c
./src/basic/unit-name.c
./src/core/automount.c
./src/core/manager.c
./src/core/dbus-execute.c
./src/core/dynamic-user.c
./src/boot/efi/boot.c
./src/journal/catalog.c
./src/journal/journald-audit.c
./src/resolve/resolved-dns-rr.c
./src/test/test-unit-file.c
./src/test/test-condition.c
./src/udev/scsi_id/scsi_serial.c
./src/udev/scsi_id/scsi_id.c
./src/udev/udev-ctrl.c

That's just depressing.

I still have a copy of the paper that brought strncpy / strncat to the world's attention all those years ago.

DaveT

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
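
Added example, not part of any message in this thread: the `find`/`grep -il` search quoted above matches the substring case-insensitively, so it also counts comments, macros and wrapper names. The sketch below compares that search with a pattern that only matches call sites of `strcpy`/`strcat`; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample tree are constructed.

# Same match as the `grep -il` search in the message, limited to .c/.h files:
# any case-insensitive occurrence of the substring counts.
naive_hits() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -ilE 'strcpy|strcat' {} + | sort
}

# Call sites only: the name must not be preceded by an identifier character
# and must be followed by "(". A comment or string literal containing
# "strcpy(" still matches, so every hit needs a manual read.
call_hits() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -lE '(^|[^[:alnum:]_])(strcpy|strcat)[[:space:]]*\(' {} + | sort
}

# Constructed sample tree: one real call and three look-alikes.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf 'void f(char *d, const char *s) { strcpy(d, s); }\n' > "$d/real_call.c"
    printf '/* strcpy is avoided in this file */\nint x;\n' > "$d/comment_only.c"
    printf 'char *xstrcpy(char *d, const char *s);\n' > "$d/wrapper.h"
    printf '#define STRCAT_MAX 64\n' > "$d/macro.h"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "substring matches:"; naive_hits "$tree"
echo "call sites:";        call_hits "$tree"
rm -rf "$tree"
```

A file that survives the tighter pattern is a candidate for review, not a confirmed overflow: whether a given call is safe depends on how the destination buffer was sized.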
