The officially official Devuan Forum!

You are not logged in.

#1 2021-06-11 07:13:49

Altoid
Member
Registered: 2017-05-07
Posts: 850  

Reasons to stay with Devuan

Hello:

In a blog post on Thursday, GitHub security researcher Kevin Backhouse recounted how he found the bug (CVE-2021-3560) in a service called polkit that is used in systemd, a common Linux system and service manager component.

Backhouse says the flaw is surprisingly easy to exploit, requiring only a few commands using standard terminal tools like bash, kill, and dbus-send.

See:
Seven-year-old make-me-root bug in Linux kernel patched. https://www.theregister.com/2021/06/11/ … olkit_bug/

So ...
Still want to know if there's a reason to stay with Devuan?

Best,

A.

Last edited by Altoid (2021-06-11 07:15:49)

Offline

#2 2021-06-11 07:44:07

GlennW
Member
Registered: 2019-07-18
Posts: 134  

Re: Reasons to stay with Devuan

Thank you Altoid!

Offline

#3 2021-06-11 09:41:51

zapper
Member
Registered: 2017-05-29
Posts: 313  

Re: Reasons to stay with Devuan

I am not one bit surprised, the harder the software is to audit, the more this bs happens. Heh...

Also, system dumb is a huge piece of software, its almost as big as the linux kernel I hear...

That is just wild...

and redhat thinks we should trust their bs? wtf...

no way... man.

wink


Black Lives Matter!  I am white, but I prefer equality over hatred.
Haughtiness comes before a fall, pride before destruction.
Peace be with you!
No one can serve two masters. Either you will hate the one and love the other, or you will be devoted to the one and despise the other. You cannot serve both God and mammon!

Offline

#4 2021-06-11 11:57:10

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Reasons to stay with Devuan

This is one of the reasons i stay with devuan, having no reliance on systemd i can disable dbus which stops crap like this happening. Disabling dbus is not for everyone but ive made it work on my machines.

Offline

#5 2021-06-11 13:51:13

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,654  
Website

Re: Reasons to stay with Devuan

This vulnerability is assigned to the policykit-1 package, which is present and used in the current Devuan stable release:

https://security-tracker.debian.org/tra … -2021-3560

It has nothing to do with systemd.


antifa ftw!

Offline

#6 2021-06-11 14:21:04

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Reasons to stay with Devuan

Head_on_a_Stick wrote:

This vulnerability is assigned to the policykit-1 package, which is present and used in the current Devuan stable release:

https://security-tracker.debian.org/tra … -2021-3560

It has nothing to do with systemd.

I think we know this, but as systemd and debian rely heavily on polkit and dbus, this puts devuan in a unique situation.

Offline

#7 2021-06-11 14:22:10

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,654  
Website

Re: Reasons to stay with Devuan

Devuan's default graphical desktop relies pretty heavily on polkit and dbus.


antifa ftw!

Offline

#8 2021-06-11 14:24:06

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Reasons to stay with Devuan

Head_on_a_Stick wrote:

Devuan's default graphical desktop relies pretty heavily on polkit and dbus.

exactly but you cant have debian without systemd or dbus, you can but as default its not possible.

Offline

#9 2021-06-11 14:28:22

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,654  
Website

Re: Reasons to stay with Devuan


antifa ftw!

Offline

#10 2021-06-11 14:31:37

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,890  

Re: Reasons to stay with Devuan

What do "fixed" and "not affected" mean? I expect "not affected" to mean "doesn't need to be fixed" rather than "we fixed it".

Offline

#11 2021-06-11 14:36:51

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,654  
Website

Re: Reasons to stay with Devuan

The bug was introduced after the beowulf version was frozen so it was never affected. The version in ceres was fixed by an upstream update.


antifa ftw!

Offline

#12 2021-06-11 14:47:01

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: Reasons to stay with Devuan

Head_on_a_Stick wrote:

The bug was introduced after the beowulf version was frozen so it was never affected. The version in ceres was fixed by an upstream update.

Not a bug, a huge gaping hole.

Offline

#13 2021-06-12 01:03:20

ComputerBob
Member
From: The Sunshine State
Registered: 2018-10-11
Posts: 71  
Website

Re: Reasons to stay with Devuan

Even if I weren't convinced of Devuan's technical superiority to the very similar, but now-systemd-dependent distro that I used for years,

I still remember the first time I installed an booted up Devuan Ascii, several years ago. I was almost immediately struck by:

  • Devuan's ease of setup, configuration, and use

  • How much Devuan reminded me of a much-older, easier (for me to configure) version of my  previously used distro, BEFORE IT ADDED SYSTEMD.

During the years that I've been here, I've also been VERY impressed with Devuan's knowlegable, helpful, patient (not sarcastic) community, as demonstrated in this 110-post thread in which MY OWN STUPIDITY caused me to open and then keep the thread going to successful completion, AND this 2-post thread, in which I thanked everyone for their patient help, and apologized for having been so stupid.

I've used Linux full-time since 1996 (CORRECTION: IT WAS 2006), but I've personally never experienced that incredible combination of knowledge, skill, patience, and true helpfulness that I've seen AND EXPERIENCED here.

To me, not only is Devuan the best software, but, also, its community is as good as its software, and that's really important to me.

Last edited by ComputerBob (2021-06-18 14:02:04)


ComputerBob - Making Geek-Speak Chic (TM)
ComputerBob.com - Nearly 6,000 Posts and 22 Million Views since 1998
My Ministry- My Massive Stroke
Your Life Matters

Offline

#14 2021-06-19 08:18:08

NicePics13
Member
Registered: 2019-09-13
Posts: 5  

Re: Reasons to stay with Devuan

Devuan, Slackware and OpenBSD are my holy trinity for expected behaviour, reliability and comfort big_smile

Offline

#15 2021-06-19 12:58:33

zapper
Member
Registered: 2017-05-29
Posts: 313  

Re: Reasons to stay with Devuan

NicePics13 wrote:

Devuan, Slackware and OpenBSD are my holy trinity for expected behaviour, reliability and comfort big_smile

For me, its Hyperbola and Devuan.  tongue

And as long as you don't use the testing branch of Hyperbola, it seems to be stable,

Though I like 0.4 at the moment even if it does have some quirks here and there...

But its being worked on so, smile

Devuan is what I use for my gaming habits though. wink


Black Lives Matter!  I am white, but I prefer equality over hatred.
Haughtiness comes before a fall, pride before destruction.
Peace be with you!
No one can serve two masters. Either you will hate the one and love the other, or you will be devoted to the one and despise the other. You cannot serve both God and mammon!

Offline

Board footer