:: Re: [DNG] The D in Systemd stands f…
Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMSteve Litt at <-
MMDave Turner at ->
Delete this message
Reply to this message
Author: Daniel Taylor
Date:  
To: dng
Subject: Re: [DNG] The D in Systemd stands for 'Dammmmit!'
On 10/27/18 2:38 PM, Steve Litt wrote:
> On Sat, 27 Oct 2018 14:24:22 +0200
> info at smallinnovations dot nl <info@???> wrote:
>
>> Not my words although i agree fully with them:
>> https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/
> "The overflow can be triggered relatively easy by advertising a DHCPv6
> server with a server-id >= 493 characters long," Wilhelm noted.
>
> They say: You must use systemd because sysvinit is soooooo old.
>
> I say: You must use strncpy()/strncat() because strcpy()/strcat() are
>     soooooo old.

>
>
> What's it been now, 30 years since the strn versions of those
> commands have been around? You'd think they'd have taken that in and
> adopted it by now. But nooooooooooooooooooooooooo!


My first thought: you're kidding.
My second thought: what if they're not kidding?
My third thought: let's look...

dtaylor@boti:~/src/systemd$ find . -type f -exec grep -il strcat {} \;
./src/basic/unit-name.c
dtaylor@boti:~/src/systemd$ find . -type f -exec grep -il strcpy {} \;
./src/nss-mymachines/nss-mymachines.c
./src/libsystemd/sd-bus/test-bus-marshal.c
./src/libsystemd/sd-bus/bus-internal.h
./src/time-wait-sync/time-wait-sync.c
./src/nss-systemd/nss-systemd.c
./src/network/networkd-ndisc.c
./src/network/networkd-network.c
./src/portable/portable.c
./src/shared/import-util.c
./src/shared/dissect-image.c
./src/shared/bus-unit-util.c
./src/shared/clean-ipc.c
./src/shared/firewall-util.c
./src/machine/machinectl.c
./src/basic/time-util.c
./src/basic/khash.c
./src/basic/escape.c
./src/basic/json.c
./src/basic/path-util.h
./src/basic/cap-list.c
./src/basic/cgroup-util.c
./src/basic/path-util.c
./src/basic/fileio.c
./src/basic/unit-name.c
./src/core/automount.c
./src/core/manager.c
./src/core/dbus-execute.c
./src/core/dynamic-user.c
./src/boot/efi/boot.c
./src/journal/catalog.c
./src/journal/journald-audit.c
./src/resolve/resolved-dns-rr.c
./src/test/test-unit-file.c
./src/test/test-condition.c
./src/udev/scsi_id/scsi_serial.c
./src/udev/scsi_id/scsi_id.c
./src/udev/udev-ctrl.c

--
Daniel Taylor

This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] Well, this is interestingRe: [DNG] Well, this is interesting->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)