A backdoor in xz

Posted Mar 30, 2024 14:48 UTC (Sat) by dvdeug (guest, #10998)
In reply to: A backdoor in xz by DimeCadmium
Parent article: A backdoor in xz

> Til they tell the service manager "I'm running!" just before failing.

Which is a bug; they should complete all checks that make them fail before reporting success. Yes, bugs are a reality.

> The only *actual* solution for that problem is monitoring. Notify-by-socket is precisely equivalent to notify-by-fork in terms of reliability.

No, there exists many cases where a fork happens and then the program fails before it would have notified the service manager it was successfully running. By the same logic, monitoring is precisely equivalent to notify-by-fork in terms of reliability; monitoring programs can fail to notice a service no longer working as well, except that they add false positives and can report that a system has failed when it's been properly shutdown or had a temporary glitch, as from system overload.

A backdoor in xz

Posted Mar 31, 2024 1:34 UTC (Sun) by DimeCadmium (subscriber, #157243) [Link] (1 responses)

> Which is a bug; they should complete all checks that make them fail before reporting success. Yes, bugs are a reality.

Indeed. But *IT IS THE SAME BUG WHETHER YOU'RE USING SYSTEMD'S NOTIFICATIONS OR FORKING*

I don't understand why I have to explain that so many times only to hear the EXACT SAME (inane) ARGUMENT again.

A backdoor in xz

Posted Apr 1, 2024 11:29 UTC (Mon) by HenrikH (subscriber, #31152) [Link]

for that particular deamon yes, but there are less that have this bug than where the double fork is not reliable (which is 100% of the double fork cases).