The moral isn't "Don't use systemd", the moral is "Write stuff in better languages than C". rsyslog doesn't exactly have an enviable security record either.
Replying to @mjg59
Counterexample: https://www.cvedetails.com/vulnerability-list/vendor_id-1594/product_id-20629/Gentoo-Logrotate.html … logrotate has had numerous issues in the past, none of which are memory corruption - so I don't think writing in a "better" language could have done much here - maybe the filesystem API needs rethinking.
2 replies 1 retweet 6 likes -
Replying to @David3141593 @mjg59
I just picked logrotate as a random example, since it's in the same general software category.
1 reply 0 retweets 0 likes -
Replying to @David3141593
logrotate doesn't have to parse untrusted input, so I think there's a meaningful category distinction
2 replies 0 retweets 14 likes
Replying to @mjg59
True. And I totally agree with your original point.
3:31 PM - 10 Jan 2019
0 replies 0 retweets 1 like