Systemd wins top gong for 'lamest vendor' in Pwnie security awards

The lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement.

Nomination Submission: Awarded to the vendor who mis-handled a security vulnerability most spectacularly.

SystemD bugs 5998, 6225, 6214, 5144, 6237
Credit: Lennart Poettering

Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will be referenced in either the change log or the commit message. But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!

https://pwnies.com/nominations/
https://www.theregister.co.uk/2017/07/28/black_hat_pwnie_awards/

On Sun, 30 Jul 2017 16:44:51 +1200, Bryan Baldwin wrote:
> The lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement.

This is why one should not uncritically report things without checking into what exactly they are talking about.

Can you elaborate? What would a critical mind have rejected this article for? What exactly should Bryan have checked into, that he apparently missed in this case?

If it's bad enough to win a Pwnie, I would have thought that would be at least some evidence that all isn't perfect, and that sharing the article would not be particularly ... 'uncritical'. But I'm open to persuasion.

E

--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

On Sun, 30 Jul 2017, at 16:58, Lawrence D'Oliveiro wrote:
> On Sun, 30 Jul 2017 16:44:51 +1200, Bryan Baldwin wrote:
>> The lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement.
>
> This is why one should not uncritically report things without checking into what exactly they are talking about.