科技回声

I misparsed this as "A bug regarding an OOB write in systemd has been resolved by deployment of a crafted TCP payload" and was hoping for a legendary tale of deeply grey-hat infrastructure hack-patching.

Remind me, why are such critical system components as systemd are still being written in a memory unsafe language?

previously: <a href="https://news.ycombinator.com/item?id=14652787" rel="nofollow">https://news.ycombinator.com/item?id=14652787</a> (5 days ago, 192 points, 237 comments)

Sorry, but this is not a standard TCP payload. I think the bug is in the library that made the packet, not with systemd. They should fix their library.

"A patch to resolve this has been provided..."The patch resolves the resolver. Heh.

OT, but I wonder why Poettering chose Kay Sievers to work on systemd in the first place.

Remind me, why are such critical system components as systemd are still being written in a memory unsafe language?

previously: <a href="https://news.ycombinator.com/item?id=14652787" rel="nofollow">https://news.ycombinator.com/item?id=14652787</a> (5 days ago, 192 points, 237 comments)

Sorry, but this is not a standard TCP payload. I think the bug is in the library that made the packet, not with systemd. They should fix their library.

"A patch to resolve this has been provided..."The patch resolves the resolver. Heh.

OT, but I wonder why Poettering chose Kay Sievers to work on systemd in the first place.

Out-of-bounds write in systemd-resolved with crafted TCP payload

6 条评论

Out-of-bounds write in systemd-resolved with crafted TCP payload

6 条评论