an ominous I-am-under-NDA-coded warning to immediately uninstall atop has been posted by a reputable tech blogger. rachelbythebay.com/w/2025/03/2

rachelbythebay.com: You might want to stop running atop

to be clear “atop” is a Linux system administration tool and if you don’t know what that means or if you could possibly have it installed, you don’t.

it seems to be getting hug of deathed, so here’s a screenshot, though it really doesn’t say much more than what I said.

@0xabad1dea

Summary of the HN discussion so far

  • I trust Rachel and I am uninstalling
  • Use btop
  • Is that installed anywhere by default?
  • Why is she so vague?

and news.ycombinator.com/item?id=4, github.com/Atoptool/atop/blame, 14 years ago, which I would not let pass in a code review today.

This ends up being a call to execl() to a binary without a path, and a sh with interpolation in between. It should be a call to execve() with a clean env, and a path to a binary, sans sh.

If this is run as root in a suid binary, it would be not good.

news.ycombinator.com: No one else seems to have run 'grep system(', so I will: https://github.com/Atop... | Hacker News
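The pattern recommended in the post above (absolute path, execve(), clean environment, no sh), as an added example that is not part of the thread and is not atop's code. The helper name `run_clean`, the fixed PATH value and the sample arguments are assumptions made for illustration.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from atop): run a program without a shell.
 * Returns the child's exit status, 127 if exec failed, -1 on error. */
int run_clean(const char *path, char *const argv[])
{
    /* Fixed, minimal environment: nothing is inherited from the caller,
     * so its PATH, IFS, LD_PRELOAD etc. cannot influence the child. */
    static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

    /* Require an absolute path so no PATH search ever happens. */
    if (path == NULL || path[0] != '/' || argv == NULL || argv[0] == NULL) {
        errno = EINVAL;
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* argv entries reach the program verbatim; with no sh in
         * between, ';', '$(...)' and spaces are ordinary bytes. */
        execve(path, argv, clean_env);
        _exit(127);               /* exec failed */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: the argument contains shell metacharacters,
     * which echo prints literally because no shell interprets them. */
    char *const argv[] = { "echo", "module; id $(whoami)", NULL };
    return run_clean("/bin/echo", argv);
}
```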
Marc Haber

@isotopp @0xabad1dea It might run as root, but I don't see an suid binary (at least not in the Debian packages).

And it isn't installed by default in any distribution I know. Debian also doesn't even build the netatop kernel module.

@Zugschlus @0xabad1dea

Then that code part is only ugly, and not radioactive.

@isotopp @0xabad1dea I agree.

I stopped looking at other people's code years ago. It's like looking at office IT in doctors' offices and hospitals. Better look away or feel even worse than you're already feeling.