Re: [systemd-devel] Creating executable device nodes in /dev?

On Wed, Dec 9, 2020 at 11:22 AM Topi Miettinen wrote: > > On 9.12.2020 17.14, Andy Lutomirski wrote: > > > Maybe also malware which can escape all means of detection, enforced by > the CPU? Though I don't know if any malware scanners for Linux work can > check for fileless, memory only malware.

Re: [systemd-devel] Creating executable device nodes in /dev?

On 9.12.2020 17.14, Andy Lutomirski wrote: On Dec 9, 2020, at 12:58 AM, Topi Miettinen wrote: On 9.12.2020 2.42, Jarkko Sakkinen wrote: On Wed, Dec 09, 2020 at 02:15:28AM +0200, Jarkko Sakkinen wrote: On Wed, Dec 09, 2020 at 01:15:27AM +0200, Topi Miettinen wrote: As a further argument, I

Re: [systemd-devel] RFC: Moving fully to OpenSSL (aka. stopping support for gnutls/gcrypt)?

On Wed, 2020-12-09 at 10:50 +0100, Lennart Poettering wrote: > Heya! > > Currently, some parts of the systemd tree link against OpenSSL, others > link against gnutls and libgcrypt, and even others support either, > controlled by a compile time switch. > > This is of course less than ideal, since

Re: [systemd-devel] Creating executable device nodes in /dev?

> On Dec 9, 2020, at 12:58 AM, Topi Miettinen wrote: > > On 9.12.2020 2.42, Jarkko Sakkinen wrote: >>> On Wed, Dec 09, 2020 at 02:15:28AM +0200, Jarkko Sakkinen wrote: >>> On Wed, Dec 09, 2020 at 01:15:27AM +0200, Topi Miettinen wrote: >>> As a further argument, I just did this on a Fedora

Re: [systemd-devel] Antw: [EXT] RFC: Moving fully to OpenSSL (aka. stopping support for gnutls/gcrypt)?

On Mi, 09.12.20 10:55, Ulrich Windl (ulrich.wi...@rz.uni-regensburg.de) wrote: > > This is of course less than ideal, since it means we need to maintain > > needlessly complex, redundant code to support this, it's not complete > > (as not all combinations are supported), and footprint for general

[systemd-devel] Antw: [EXT] RFC: Moving fully to OpenSSL (aka. stopping support for gnutls/gcrypt)?

>>> Lennart Poettering schrieb am 09.12.2020 um 10:50 in Nachricht <20201209095057.GA30977@gardel-login>: > Heya! > > Currently, some parts of the systemd tree link against OpenSSL, others > link against gnutls and libgcrypt, and even others support either, > controlled by a compile time switch.

[systemd-devel] RFC: Moving fully to OpenSSL (aka. stopping support for gnutls/gcrypt)?

Heya! Currently, some parts of the systemd tree link against OpenSSL, others link against gnutls and libgcrypt, and even others support either, controlled by a compile time switch. This is of course less than ideal, since it means we need to maintain needlessly complex, redundant code to support

Re: [systemd-devel] Creating executable device nodes in /dev?

On 9.12.2020 2.42, Jarkko Sakkinen wrote: On Wed, Dec 09, 2020 at 02:15:28AM +0200, Jarkko Sakkinen wrote: On Wed, Dec 09, 2020 at 01:15:27AM +0200, Topi Miettinen wrote: As a further argument, I just did this on a Fedora system: $ find /dev -perm /ugo+x -a \! -type d -a \! -type l No results.

Re: [systemd-devel] Creating executable device nodes in /dev?

On 9.12.2020 2.15, Jarkko Sakkinen wrote: On Wed, Dec 09, 2020 at 01:15:27AM +0200, Topi Miettinen wrote: As a further argument, I just did this on a Fedora system: $ find /dev -perm /ugo+x -a \! -type d -a \! -type l No results. So making /dev noexec doesn't seem to have any benefit. It's n