Vulneratbility - Slackware can be compromised - all versions affected
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Thanks, this clarifies a lot. So shortly you never manged something in Linux larger than desktop? Perhaps home network. I am of course hobbyist/user of Slackware. Except of short period of using Devuan which ended with hard drive failure - I run only Slackware. For personal use but time to time I touched more complex things. But at the end all distros are hobbyists supported. RHEL will be helpless without Fedora users - imagine amount of money RHEL will have to pay to professional testers. So at the end it is to convince users that they run "safe, secure, stable system". Which in fact reduce to pay or to learn.
Those services are disabled by default. If they aren't running, you can't be hit by vulnerabilities with them. Just stick with the default services...
What I don't understand is your love affair with everything Darth Vader. You continually bring up his posts years after he was banned... and the posts you bring up are usually about concepts that are generally anti-Slackware (like suggesting the installer offer partial installs here).
Slackware has always included a lot of software that many people won't use. Trying to change that is trying to change what Slackware is. Darth wasn't successful and you won't be either.
BUT, the Slackware installer offers partial installs. And it always had, even if you believe that's anti-Slackware.
True, last time I used it was several months ago, but it still offered the ability to select the categories of packages to be installed.
I will not argue with you how anti-Slackware is to have yet another category for the network servers. If you say so, probably it is anti-Slackware. Like I said already, probably Apache2 and several FTP servers is a must have for any honorable Slacker, even on a HTPC box.
However, regarding Darth Vader and his anti-Slackware ideas, I remember that the main ones was the adoption of: LinuxPAM/Kerberos and elogind - in fact even his last river-thread was about elogind.
As strange as it looks, those anti-Slackware software are now part of future Slackware 15, even he was banned long time ago.
Here we can argue if he was successfully to change the Slackware, or he was a visionary who seen what we will need in no more than several years.
But, no matter how you look at this story and history, his main "demands" are already fulfilled today, by the grace of Gods.
Last edited by LuckyCyborg; 05-09-2021 at 04:01 PM.
But, no matter how you look at this story and history, his main "demands" are already fulfilled today, by the grace of Gods.
The things you mentioned were implemented but his 'main '[demand]'" was for Slackware 15 to come with KDE 4 instead of Plasma 5. I remember him asking for PAM. I like Darth Vader but his crusade against Plasma 5 was disruptive. Hopefully, he is enjoying the new editions to Current.
BUT, the Slackware installer offers partial installs. And it always had, even if you believe that's anti-Slackware.
The installer doesn't "offer" partial installs. You can choose to do a partial install using the installer, but there is nothing offered saying "here's an install without server components".
Quote:
Originally Posted by LuckyCyborg
I will not argue with you how anti-Slackware is to have yet another category for the network servers. If you say so, probably it is anti-Slackware. Like I said already, probably Apache2 and several FTP servers is a must have for any honorable Slacker, even on a HTPC box.
How dense can you be? The reason for including apache, mariadb, ftp servers, php, on an htpc box is because there's no dependency resolution. This is why a full install is recommended and always has been recommended. However, there's nothing stopping me from uninstalling those components on my htpc except for laziness (that's the Slacker in me). I have the space, and the services aren't running, so space is the only resource it's taking at any point after installation.
Pat has long said to not think the package sets mean anything, including dependencies, so spinning off a "network servers" section would probably be anti-Slackware.
Quote:
Originally Posted by LuckyCyborg
However, regarding Darth Vader and his anti-Slackware ideas, I remember that the main ones was the adoption of: LinuxPAM/Kerberos and elogind - in fact even his last river-thread was about elogind.
Oh boy, another reference to Darth... seriously, do you idolize him?
Requesting to include software is not anti-Slackware. Personally, I don't even think requesting systemd would be anti-Slackware. In fact, in several PAM threads, I stated I'd be fine with PAM (not that my opinion on it mattered). However, when Darth proposed changing the installer to support groups (and being totally brain dead not realizing that Pat would need to document dependencies to do this, even after having it pointed out many times throughout that thread), he was told on the first page by Pat (post #4, actually) that it wasn't going to happen. Then it continued on for 24 pages with him still trying to push it.
Quote:
Originally Posted by LuckyCyborg
But, no matter how you look at this story and history, his main "demands" are already fulfilled today, by the grace of Gods.
I don't think his package groups will ever become a part of Slackware. And looking through the threads created by him, there's still a lot that he's requested that haven't been added to Slackware.
Have you ever seen Darth Vader and LuckyCyborg in the same room?
But the truth is that never been happened to be in the same room with Darth Vader. I do not know him personally.
If you wonder why "Lucky Cyborg" , it's just my nickname on real life.
Because of a illness from childhood, I have a partial facial paralysis, which means that I have no facial expressions, like smiling or looking angry to something or someone. Apparently, that's quite strange for someone who does not known me yet.
Combine that with the fact that I have a massive build with 1,95 meters height, so I got the nickname of "The Cyborg"
Later, I've married a beautiful lady born on the Asian part of Russian Federation, who looks even today like a Japanese doll. So, my friends started naming me "The Lucky Cyborg" joking around the unlikely combination of a beautiful girl marrying an expressionless guy.
There is no connection with Anakin Skywalker's story. Sorry to disappoint you!
Last edited by LuckyCyborg; 05-09-2021 at 09:33 PM.
The short version is this: it's a supply chain issue.
Our opinion is that one has already lost the game if the issues presented in this report are valid.
I'll leave it to the original poster to publish the entire writeup - it's not mine to post.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.