:: Re: [DNG] Nasty Linux systemd secur…
Forside
Slet denne besked
Besvar denne besked
Skribent: Didier Kryn
Dato:  
Til: dng@lists.dyne.org
Emne: Re: [DNG] Nasty Linux systemd security bug revealed
Le 20/07/2021 à 22:08, Dr. Nikolaus Klepp a écrit :
> Just in case sombody missed it:
>
> https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/
>
>
> "Systemd, the Linux system and service manager that has largely
> replaced init as the master Linux startup and control program, has
> always had its critics. Now, with Qualys's discovery of a new systemd
> security bug, systemd will have fewer friends. Successful exploitation
> of this newest vulnerability enables any unprivileged user to cause a
> denial of service via a kernel panic.
> In a phrase, "that's bad, that's really bad." [...]
> "
>
> Nik
>

    I want to add to the comments that this alloca() function has been
added (by gcc ?) to work around a missing feature of the C language:
dynamic allocation on the stack. This lack has disapeared many years ago
( don't know with which version of the C standard) , with the following
form of allocation:

...

n = 2x+1;

{

    int array[n];

    ...

}

    And, therefore, alloca() should be removed.

    delenda est alloca !

--     Didier