I am sick of listening to people telling me how great Ubuntu is and how secure Linux is, because they are just plain wrong. There is no other operating system on Earth which has the same amount of fucktards as Ubuntu.
Here are a few examples why:
1. SUID Mount Helper has 5 Major Vulnerabilities
https://bugs.launchpad.net/calibre/+bug/885027
Best parts:
Dan:
"There are already ways to safely achieve what you're trying to do without introducing security vulnerabilities. Ubuntu implements automatic mounting of USB media using udisks in conjunction with gvfs-gdu-volume-monitor. If this isn't an option, the "pmount" application allows users to safely mount and unmount removable media without introducing (obvious) security holes."
Kovid:
"Kindly do not lecture me about using a setuid executable. Shocking as that may seem, I am actually aware of the dangers, and even if I weren't, rest assured that plenty of your ancestors have pointed it out to me in the past four years. Is it bad to have suid executables, yes. Is there a workable alternative, no."
The obvious question is: how could somebody say after this thread that Linux/Ubuntu is more secure than, for example, Windows or any other Linux distribution? This guy has no clue about security, and when a well-known security expert points out his mistakes he turns into a whinging bitch. Well done.
Let's have a look at a non-security bug.
2. netcat-openbsd exits too soon
https://bugs.launchpad.net/ubuntu/+source/netcat-openbsd/+bug/544935
This bug is a classic example of ignorance and lack of technical skills. It is obvious from the very first moment that what the developer did is plain wrong and that he managed to introduce an Ubuntu-specific bug with his code, yet he is trying to play smart and not fix the bug. As you can see in the comments, many engineers wasted multiple hours investigating what was wrong with a certain service because they would never think that netcat is broken. This proves how bad Ubuntu is for any business organization: it adds several hours of unnecessary work. No wonder Red Hat is THE Linux distro for corporations.
3. pam_motd: assume update-motd responsibilities
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/399071
This bug, or feature as they call it in Ubuntu circles, shows how these guys totally ignore Unix principles. There is no excuse to ship your OS with out-of-date documentation. I like my motds static. :)
Next time somebody tells you how great Ubuntu is, please slap him in the face with this post.
My 5 cents:
They broke LXC in LTS by removing a kernel option as part of a quick fix for a vsftpd vulnerability
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/790863
heh nice one.