The officially official Devuan Forum!

You are not logged in.

#1 2021-06-11 07:13:49

Altoid
Member
Registered: 2017-05-07
Posts: 1,415  

Reasons to stay with Devuan

Hello:

In a blog post on Thursday, GitHub security researcher Kevin Backhouse recounted how he found the bug (CVE-2021-3560) in a service called polkit that is used in systemd, a common Linux system and service manager component.

Backhouse says the flaw is surprisingly easy to exploit, requiring only a few commands using standard terminal tools like bash, kill, and dbus-send.

See:
Seven-year-old make-me-root bug in Linux kernel patched. https://www.theregister.com/2021/06/11/ … olkit_bug/

So ...
Still want to know if there's a reason to stay with Devuan?

Best,

A.

Last edited by Altoid (2021-06-11 07:15:49)

Offline

#2 2021-06-11 07:44:07

GlennW
Member
From: Brisbane, Australia
Registered: 2019-07-18
Posts: 582  

Re: Reasons to stay with Devuan

Thank you Altoid!


pic from 1993, new guitar day.

Offline

#3 2021-06-11 09:41:51

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: Reasons to stay with Devuan

I am not one bit surprised, the harder the software is to audit, the more this bs happens. Heh...

Also, system dumb is a huge piece of software, its almost as big as the linux kernel I hear...

That is just wild...

and redhat thinks we should trust their bs? wtf...

no way... man.

wink


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#4 2021-06-11 11:57:10

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Reasons to stay with Devuan

This is one of the reasons i stay with devuan, having no reliance on systemd i can disable dbus which stops crap like this happening. Disabling dbus is not for everyone but ive made it work on my machines.

Offline

#5 2021-06-11 13:51:13

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Reasons to stay with Devuan

This vulnerability is assigned to the policykit-1 package, which is present and used in the current Devuan stable release:

https://security-tracker.debian.org/tra … -2021-3560

It has nothing to do with systemd.


Brianna Ghey — Rest In Power

Offline

#6 2021-06-11 14:21:04

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Reasons to stay with Devuan

Head_on_a_Stick wrote:

This vulnerability is assigned to the policykit-1 package, which is present and used in the current Devuan stable release:

https://security-tracker.debian.org/tra … -2021-3560

It has nothing to do with systemd.

I think we know this, but as systemd and debian rely heavily on polkit and dbus, this puts devuan in a unique situation.

Offline

#7 2021-06-11 14:22:10

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Reasons to stay with Devuan

Devuan's default graphical desktop relies pretty heavily on polkit and dbus.


Brianna Ghey — Rest In Power

Offline

#8 2021-06-11 14:24:06

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Reasons to stay with Devuan

Head_on_a_Stick wrote:

Devuan's default graphical desktop relies pretty heavily on polkit and dbus.

exactly but you cant have debian without systemd or dbus, you can but as default its not possible.

Offline

#9 2021-06-11 14:28:22

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Reasons to stay with Devuan


Brianna Ghey — Rest In Power

Offline

#10 2021-06-11 14:31:37

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,409  

Re: Reasons to stay with Devuan

What do "fixed" and "not affected" mean? I expect "not affected" to mean "doesn't need to be fixed" rather than "we fixed it".

Offline

#11 2021-06-11 14:36:51

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Reasons to stay with Devuan

The bug was introduced after the beowulf version was frozen so it was never affected. The version in ceres was fixed by an upstream update.


Brianna Ghey — Rest In Power

Offline

#12 2021-06-11 14:47:01

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Reasons to stay with Devuan

Head_on_a_Stick wrote:

The bug was introduced after the beowulf version was frozen so it was never affected. The version in ceres was fixed by an upstream update.

Not a bug, a huge gaping hole.

Offline

#13 2021-06-12 01:03:20

ComputerBob
Member
From: The Sunshine State
Registered: 2018-10-11
Posts: 81  
Website

Re: Reasons to stay with Devuan

Even if I weren't convinced of Devuan's technical superiority to the very similar, but now-systemd-dependent distro that I used for years,

I still remember the first time I installed an booted up Devuan Ascii, several years ago. I was almost immediately struck by:

  • Devuan's ease of setup, configuration, and use

  • How much Devuan reminded me of a much-older, easier (for me to configure) version of my  previously used distro, BEFORE IT ADDED SYSTEMD.

During the years that I've been here, I've also been VERY impressed with Devuan's knowlegable, helpful, patient (not sarcastic) community, as demonstrated in this 110-post thread in which MY OWN STUPIDITY caused me to open and then keep the thread going to successful completion, AND this 2-post thread, in which I thanked everyone for their patient help, and apologized for having been so stupid.

I've used Linux full-time since 1996 (CORRECTION: IT WAS 2006), but I've personally never experienced that incredible combination of knowledge, skill, patience, and true helpfulness that I've seen AND EXPERIENCED here.

To me, not only is Devuan the best software, but, also, its community is as good as its software, and that's really important to me.

Last edited by ComputerBob (2021-06-18 14:02:04)


ComputerBob - Making Geek-Speak Chic (TM)
ComputerBob.com - Nearly 6,000 Posts and 22 Million Views since 1998
My Massive Stroke
Help! (off-topic)

Offline

#14 2021-06-19 08:18:08

NicePics13
Member
Registered: 2019-09-13
Posts: 14  

Re: Reasons to stay with Devuan

Devuan, Slackware and OpenBSD are my holy trinity for expected behaviour, reliability and comfort big_smile

Offline

#15 2021-06-19 12:58:33

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: Reasons to stay with Devuan

NicePics13 wrote:

Devuan, Slackware and OpenBSD are my holy trinity for expected behaviour, reliability and comfort big_smile

For me, its Hyperbola and Devuan.  tongue

And as long as you don't use the testing branch of Hyperbola, it seems to be stable,

Though I like 0.4 at the moment even if it does have some quirks here and there...

But its being worked on so, smile

Devuan is what I use for my gaming habits though. wink


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

Board footer