Diseased Open Source Software Community - it's about ethics in Code of Conducts

[Kola]

https://cybersecsentinel.com/cve-2025-32463-privilege-escalation-in-sudo-triggers-urgent-linux-patching/

RUST SISTERS... WHAT IS THIS?

Recent critical vulnerabilities have been identified in the sudo utility and its Rust-based counterpart, sudo-rs, posing significant threats to Unix and Linux systems. CVE-2025-32463 allows for unauthorized root access through the --chroot option, even for unprivileged users not listed in sudoers. CVE-2025-32462 enables host restriction bypass in distributed sudoers environments. CVE-2025-46718 in sudo-rs permits privilege enumeration, aiding attackers in reconnaissance.

These vulnerabilities affect both the standard sudo and the Rust-based sudo-rs implementations. Attackers may gain unauthorized root access, bypass security restrictions, or enumerate privileged users. The flaws were disclosed by security researcher Rich Mirch from Stratascale Cyber Research Unit.

 

[BottledCrab]

I have done an unusual level of benchmarking of math functions between glibc and musl. musl is across the board slower, in particular it's malloc function. There's also compatibility issues.

I say this because cargo cultists walk around saying musl is "less bloated" than glibc while ignoring it's objectively slower. It has a smaller codebase, maybe a marginally smaller memory footprint. It's easier to excise specific functions for embedded codebases, whereas glibc is genuinely a rats nest of macros spread across a million files. That's the benefit.

I would never consider running Alpine for pretty much anything simply because I don't want to run musl. The memory difference is within the margin of error when compared to a stripped down Debian installation. Rich Felker is definitely a lamer.

I remember when I started learning C, I tried to read libc code (the simple functions like strcmp, not malloc or free) to have an idea of what actual production code looks like and glibc code was genuinely unreadable unlike musl's.

 

[volatile puar]

https://cybersecsentinel.com/cve-2025-32463-privilege-escalation-in-sudo-triggers-urgent-linux-patching/

RUST SISTERS... WHAT IS THIS?

doas and run-0 users eating good tonight.

 

[The Big Bad D]

RUST SISTERS... WHAT IS THIS?

"Unauthorized root access" in sudo vs "privilege enumeration" in sudo-rs. This is not the own you think it is.

 

[Markass the Worst]

https://cybersecsentinel.com/cve-2025-32463-privilege-escalation-in-sudo-triggers-urgent-linux-patching/
RUST SISTERS... WHAT IS THIS?

A sign that security goes beyond picking the right programming language which is obvious to everybody but die-hard Rustaceans.

 

[TomBroadway1987]

https://cybersecsentinel.com/cve-2025-32463-privilege-escalation-in-sudo-triggers-urgent-linux-patching/

RUST SISTERS... WHAT IS THIS?

"loading a malicious nsswitch.conf and arbitrary shared libraries" dynamic linking strikes again.

 

[Least Concern]

Chimera's thing is BSD userland, LLVM/Clang instead of gcc,

Sorry if this is a dumb question, but if BSD userland and a non-GCC compile chain is desirable, why not just run BSD?

 

[Samuel Fuller]

Sorry if this is a dumb question, but if BSD userland and a non-GCC compile chain is desirable, why not just run BSD?

Autism.

 

[Atlas Sneezed]

Sorry if this is a dumb question, but if BSD userland and a non-GCC compile chain is desirable, why not just run BSD?

Driver support?

 

[Kola]

"Unauthorized root access" in sudo vs "privilege enumeration" in sudo-rs. This is not the own you think it is.

That's because it's a shitty ghetto nigger knockoff that LACKS FEATURES AND DOESN'T EVEN HAVE CHROOT GEEEEEG

 

[The Mass Shooter Ron Soye]

Phoronix: Wayback Hopes To Be Ready Next Year With Alpine Linux Planning To Use It By Default (archive)

Alpine Linux developer Ariadne Conill has posted more about the Wayback plans moving forward for this X11 compatibility layer to support running full X11 desktop environments using Wayland components.

Ariadne commented that while it's currently experimental and "it is very likely that it is going to do things which make you mad at this point," there are firm plans for it moving forward.

Phoronix: ZLUDA Making Progress In 2025 On Bringing CUDA To Non-NVIDIA GPUs (archive)

The Q2'2025 status update for ZLUDA was posted today where they shared they have now doubled in size: there are now two developers working full-time on the project.

 

[NortelNutworks]

"Ariadne" is the kind of fakename chosen by some guy who largely only communicates in writing and enjoys hearing other people stumble trying to pronounce it.

Yes I'm aware it's some ancient Greek thing.

 

[Kola]

"Ariadne" is the kind of fakename chosen by some guy who largely only communicates in writing and enjoys hearing other people stumble trying to pronounce it.

Yes I'm aware it's some ancient Greek thing.

 

[Kola]

Phoronix: Wayback Hopes To Be Ready Next Year With Alpine Linux Planning To Use It By Default (archive)


Phoronix: ZLUDA Making Progress In 2025 On Bringing CUDA To Non-NVIDIA GPUs (archive)

I looked this "Ariadne" up.






Alpinebros... I don't feel so good. This is who's been setting up all my Docker images all these years?

 

[Panzerfrau]

Alpinebros... I don't feel so good. This is who's been setting up all my Docker images all these years?

Sadly yes.
He's also Hector's buddy and an admin of Treehouse Systems, fedi instance Hector was sneeding from.

I LOVE how he filters his selfies to hell and back, giving himself this retarded Clannad anime girl look:


There's no hiding this gargantuan, square jaw, buddy

 

[teriyakiburns]

Alpinebros... I don't feel so good. This is who's been setting up all my Docker images all these years?

He's been a mere package maintainer for the last few years. I think his trooning out coincided with him stepping down from the steering committee, but it's hard to say for sure.

 

[Hieronymus Lex]

Sadly yes.
He's also Hector's buddy and an admin of Treehouse Systems, fedi instance Hector was sneeding from.

I may be slightly , but the powerword is William Pitcock if you'd like to dig a bit more.

 

[analrapist]

Pitcock

Good heavens that's way too on the nose for a troon.

 

[teriyakiburns]

I may be slightly , but the powerword is William Pitcock if you'd like to dig a bit more.

Last mention of Pitcock on the alpine mailing list is a resignation in March of 2019 (mentions a nickname "kaniini" [finnish for rabbit], which I'm looking into at the moment). He pops returns as Ariadne in December of 2019, presumably having taken back the resignation, given his linkedin says he was working on the core team and then the steering committee until 2022. So that means I'm both right and wrong: he trooned and quit, but then he came back again, and then apparently quit again, but still swings his non-existent balls around to get his way.

Notable that drew devault was also heavily associated with Alpine at that point. May still be. I'll not get into the technical advantages of Alpine vs other distros, but I will say I'm severely disappointed that a useful tool has once again proven to be a troon nest.

 

[AmpleApricots]

square jaw

Why do all troons have jawlines that belong on vintage military recruitment posters

proven to be a troon nest.

Admittedly, it was a small factor in my reasoning to go back to gentoo. That kind of control gentoo offers is sadly needed to be more immune against rugpulls by insane men in dresses. While gentoo certainly has a bunch of tranny jannies too (I have no idea because I don't follow distro politics but it's basically a given), the way it works as meta distribution does give you immunity against unwanted changes to a big degree.