Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday July 31 2017, @05:01AM   Printer-friendly
from the imminent-recursion dept.

The 2017 Pwnie winner for lamest vendor response goes to Lennart Poettering for systemd. According to CSO which has reported on it, the Pwnie winners which were announced a few days ago, the summary for Lennart and systemd reads as follows:

The most spectacular mishandling of a security vulnerability by a vendor ended up winning a Pwnie for Lennart Poettering due to SystemD bugs 5998, 6225, 6214, 5144, 6237. The nomination reads: "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message. But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by chromas on Monday July 31 2017, @04:05PM (4 children)

    by chromas (34) Subscriber Badge on Monday July 31 2017, @04:05PM (#547210) Journal

    The problem is none of these have been replaced by systemd yet. vi and emacs are, of course, soon-to-be on their way out. With advanced tools like hostnamectl, localectl—all the "*ctl"s—why would you need a text editor?

    You guys really overblow the whole systemd is anti-Unix-way anyhow. Systemd has lots of single-purpose utilities. For instance, systemd-hostnamed does one thing and does it well. And it's an important job, too.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 3, Insightful) by tangomargarine on Monday July 31 2017, @04:31PM (3 children)

    by tangomargarine (667) on Monday July 31 2017, @04:31PM (#547232)

    You guys really overblow the whole systemd is anti-Unix-way anyhow. Systemd has lots of single-purpose utilities. For instance, systemd-hostnamed does one thing and does it well. And it's an important job, too.

    You're ignoring the part of the Unix philosophy where all those little tools are supposed to be easily individually replaceable. Systemd's various tools are all bolted together.

    Usually somebody in these conversations claims that "modular" means "well they compile to separate executables...so what if you can't swap out any of them?"

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 2) by chromas on Monday July 31 2017, @04:50PM (2 children)

      by chromas (34) Subscriber Badge on Monday July 31 2017, @04:50PM (#547241) Journal

      Oh, sorry, I was being sardonic, but not enough I guess :D

      I was hoping the "systemd-hostnamed" would give it away. It's a whole entire tool just for editing /etc/hostname. This is a thing that actually exists.

      • (Score: 2) by tangomargarine on Monday July 31 2017, @07:23PM

        by tangomargarine (667) on Monday July 31 2017, @07:23PM (#547312)

        Systemd in general is the incarnation of Poe's Law. Inverse Poe's Law? You think they must be joking then you find out no, they're actually serious.

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
      • (Score: 0) by Anonymous Coward on Monday July 31 2017, @08:45PM

        by Anonymous Coward on Monday July 31 2017, @08:45PM (#547357)

        Sweet jesus! Yeah, can't have people knowing how to fix their own computers. Must insert some 3rd party software so you can intercept the commands before the user finds ou**destroys their own computer**.