Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Wednesday October 05 2016, @12:46AM   Printer-friendly
from the love-for-lennart dept.

Security researcher and MateSSL founder, Andrew Ayer has uncovered a bug which will either crash or make systemd unstable (depending on who you talk to) on pretty much every linux distro. David Strauss posted a highly critical response to Ayer. In true pedantic nerd-fight fashion there is a bit of back and forth between them over the "true" severity of the issue and what not.

Nerd fights aside, how you feel about this bug, will probably largely depend on how you feel about systemd in general.

The following command, when run as any user, will crash systemd:

NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system. The system feels generally unstable (e.g. ssh and su hang for 30 seconds since systemd is now integrated with the login system). All of this can be caused by a command that's short enough to fit in a Tweet.

Edit (2016-09-28 21:34): Some people can only reproduce if they wrap the command in a while true loop. Yay non-determinism!


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Informative) by Anonymous Coward on Wednesday October 05 2016, @01:16AM

    by Anonymous Coward on Wednesday October 05 2016, @01:16AM (#410429)

    The bug only happens if assert() calls are still in the code. They should not be in a production system, so the problem is really with distros that didn't build correctly. This would be a non-story if it didn't involve systemd.

    Starting Score:    0  points
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Wednesday October 05 2016, @01:28AM

    by Anonymous Coward on Wednesday October 05 2016, @01:28AM (#410434)

    Don't you just hate it when newbs litter their code with assert? Always reminds me of this.

    LAFORGE: Hey! We've got a red light on the second intake valve.
    COCHRANE: Ignore it. We'll be fine.

    • (Score: 3, Touché) by driverless on Wednesday October 05 2016, @09:23AM

      by driverless (4770) on Wednesday October 05 2016, @09:23AM (#410534)

      Worse is:

      Main Circulating Pumps are shut down and control rods fully withdrawn. SKALA control system is signalling emergency.
      Ignore comrade, is Russian reactor, will not melt down.

    • (Score: 2) by HiThere on Wednesday October 05 2016, @06:24PM

      by HiThere (866) Subscriber Badge on Wednesday October 05 2016, @06:24PM (#410752) Journal

      Lots of asserts in the code should not be a problem (except it might impede reading the code). Asserts should catch errors during development, and be removed from the release code by the compiler.

      FWIW, I often have lots of asserts in areas of code that I think should never be reached. If they are reached, it's a mistake, and needs to be fixed. I only remove them if it impedes reading the code.

      This assert appears to signal in invalid assumption when the code was being written. Perhaps it shouldn't be a problem, but that's not the way to bet. What this problem appears to clearly signal is improper testing.

      P.S.: systemd is overly large an complex. You need to expect this kind of problem to not only happen once, but to keep happening. When code is simple it's relatively easy to test all execution pathways. As it gets larger and more complex, this gets harder. I consider the design of systemd to be a gross error if you want stable and bug free code. That said, it's never caused me a problem yet that I haven't eventually been able to recover from, if only by reversion.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
  • (Score: 2) by sjames on Wednesday October 05 2016, @02:01AM

    by sjames (2882) on Wednesday October 05 2016, @02:01AM (#410454) Journal

    The assert covers unsanitized input, WTF?!?

    • (Score: 0) by Anonymous Coward on Sunday October 09 2016, @01:24PM

      by Anonymous Coward on Sunday October 09 2016, @01:24PM (#412047)

      And it gets better...

      https://news.ycombinator.com/item?id=12655048 [ycombinator.com]

      Not only does Poettering misrepresent what caused the issue, the git log shows he was the one that did the alterations that lead to the issue.