Is Slackware affected by the Linux vulnerability discovered by Microsoft?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Then they are 'up-sh1t-creek' aren't they...
(Please note: Not starting a flame war here, there is enough of that going around)
For something that critical, I would have expected the Mil to run one of the BSDM variants. Perhaps even a Linux distro that is unaffected by the Linux version of the registry aka systemd.
So, you believe that you are smarter than the entire US Army?
Last edited by LuckyCyborg; 04-30-2022 at 03:36 PM.
The US Army is one of the groups you keep referring to as systemd "hatters". If anyone here thinks they are smarter than our military... it's you.
What? I've never did this. Show me where I said this!
And WHY I should blame them to be systemd "hatters" when they "recently enlisted Red Hat, Inc., the world’s largest provider of open-source solutions, to help improve squadron operations and flight training." ?
As probably you do (not yet?) noticed, I asked the one forum member who started to have fantasies regarding BSD while literally quoting this:
Quote:
Originally Posted by rkelsen
Also: "The United States Department of Defense recognizes the key benefits associated with open-source development and trusts Linux as its operating system. In fact, the US Army is the single largest installed base for RedHat Linux and the US Navy nuclear submarine fleet runs on Linux, including their sonar systems. Moreover, the Department of Defense just recently enlisted Red Hat, Inc., the world’s largest provider of open-source solutions, to help improve squadron operations and flight training."
The guy responded this:
Quote:
Originally Posted by yvesjv
Then they are 'up-sh1t-creek' aren't they...
(Please note: Not starting a flame war here, there is enough of that going around)
For something that critical, I would have expected the Mil to run one of the BSD variants. Perhaps even a Linux distro that is unaffected by the Linux version of the registry aka systemd.
Definitively they (US Army) does not look like being systemd "hatters" and I never believed that them will believe otherwise.
The Military, (almost certainly) no matter from what country, has the legs on ground and looks for efficiency and robustness, not for what some minority of thousands profess on Internet.
Last edited by LuckyCyborg; 04-30-2022 at 04:28 PM.
What? I've never did this. Show me where I said this!
(TL;DR)
And THIS, boys and girls, is what a gaslighting troll looks like.
He lurks under digital bridges, picking fights because he has nothing better to do.
I would offer some tangible knowledge in this area since I have had this discussion with actual DoD customers but it's all an excercise in futility when the lucky robot man starts wall-posting.
Didn't I say 'Not starting a flame war here!' ( ͡° ͜ʖ ͡°)
Deploying systemd in submarines makes me hopeful for the planet vs a nuclear holocaust.
When the sardines hit the ballistic missile buttons, it will be something like that on the screens #systemd: Freezing execution.
# reboot
Last edited by yvesjv; 04-30-2022 at 06:22 PM.
Reason: funny
Then they are 'up-sh1t-creek' aren't they...
(Please note: Not starting a flame war here, there is enough of that going around)
For something that critical, I would have expected the Mil to run one of the BSD variants. Perhaps even a Linux distro that is unaffected by the Linux version of the registry aka systemd.
I accidentally pressed "helpful" on your post. I did not meant to, thus this post.
I respectively disagree and I understand why the Army would use RHEL. But I do not want to say more since I think this thread is on its way to becoming one of those mega flamefests we sometimes see here when systemd is brought up
I accidentally pressed "helpful" on your post. I did not meant to, thus this post.
I respectively disagree and I understand why the Army would use RHEL. But I do not want to say more since I think this thread is on its way to becoming one of those mega flamefests we sometimes see here when systemd is brought up
Regards
John
All good John
I probably am not the only one who appreciates your honesty
From my above posts it might seem I'm not a fan of systemD. Which is correct. I'm not. For my personal computer I want "raw access" to the kernel. Not encapsulating it...
But should I run a larger install and especial something as serious as The Army or The Navy I definitely would look for a system backed up by some big muscles. Red Hat/IBM absolutely tops the list. Of course.
For something that critical, I would have expected the Mil to run one of the BSD variants. Perhaps even a Linux distro that is unaffected by the Linux version of the registry aka systemd.
Although I am a fan of the BSDs I can understand why the US military opted for RHEL. Red Hat has a well established IT support team to help corporate clients.
Serious question though:
At work, we have this one guru that is literally the last man standing in the Linux (RH) admin team, the others have been poached and moved on due to career progression.
Is there such a thing as mutant virus/worm/malware/etc that could take advantage of systemd, spread to every RH server and make his life more difficult than it should be?
I too am seriously thinking of a BSD for migrating an old server to.
ATM, I'm looking at OpenBSD.
Serious question though:
At work, we have this one guru that is literally the last man standing in the Linux (RH) admin team, the others have been poached and moved on due to career progression.
Is there such a thing as mutant virus/worm/malware/etc that could take advantage of systemd, spread to every RH server and make his life more difficult than it should be?
I too am seriously thinking of a BSD for migrating an old server to.
ATM, I'm looking at OpenBSD.
That's what this is. As I understand it a single feature within the systemd ecosystem can be used to run arbitrary scripts, as root. So the attacker could do anything root can do.
But this particular attack involves leveraging a single feature that is technically optional. This concept isn't unique to systemd - I'm sure the BSDs have their own collection of exploits.
Quite simply: Turn off all services you don't use. That is old advice, but is still one of the best methods for reducing your attack surface.
Contrary to the poster above, the problem which is the subject of this thread is not a "worm" as such. It's an old-school root exploit which could be used by a worm. It is also a "systemd-only" problem. If you have any systems with systemd, and you use networkd-dispatcher, then you should upgrade that package ASAP.
The relevant part is in the second paragraph of the article which was linked:
"We discovered the vulnerabilities by listening to messages on the System Bus while performing code reviews and dynamic analysis on services that run as root, noticing an odd pattern in a systemd unit called networkd-dispatcher. Reviewing the code flow for networkd-dispatcher revealed multiple security concerns, including directory traversal, symlink race, and time-of-check-time-of-use race condition issues, which could be leveraged to elevate privileges and deploy malware or carry out other malicious activities. We shared these vulnerabilities with the relevant maintainers through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Fixes for these vulnerabilities, now identified as CVE-2022-29799 and CVE-2022-29800, have been successfully deployed by the maintainer of the networkd-dispatcher, Clayton Craft. We wish to thank Clayton for his professionalism and collaboration in resolving those issues. Users of networkd-dispatcher are encouraged to update their instances."
Since it is not possible for non-systemd systems to use networkd-dispatcher, I fail to see how this could affect anything else.
Quote:
Originally Posted by yvesjv
Is there such a thing as mutant virus/worm/malware/etc that could take advantage of systemd, spread to every RH server and make his life more difficult than it should be?
There could be, but he just needs to ensure that he keeps the systems up to date with all of the latest security patches... as with everything else really.
Quote:
Originally Posted by yvesjv
I too am seriously thinking of a BSD for migrating an old server to.
ATM, I'm looking at OpenBSD.
The first question I have is: What services does that machine provide?
Sound advice for anyone running servers and desktops.
Keep patching.
Usual network administration server for networking devices, remote backups, python scripts, etc...
Primarily scp, rsync and a lot of files (small to huge) from literally hundreds of concurrent sources every night.
A few select users that auth against a remote radius server for access, perhaps radsec if supported.
But that's a different topic that I've asked at https://www.linuxquestions.org/quest...sd-4175711539/
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.