SoylentNews is people

posted by CoolHand on Wednesday October 05 2016, @12:46AM
from the love-for-lennart dept.

Security researcher and MateSSL founder Andrew Ayer has uncovered a bug which will either crash systemd or make it unstable (depending on who you talk to) on pretty much every Linux distro. David Strauss posted a highly critical response to Ayer. In true pedantic nerd-fight fashion there is a bit of back and forth between them over the "true" severity of the issue and whatnot.

Nerd fights aside, how you feel about this bug will probably largely depend on how you feel about systemd in general.

The following command, when run as any user, will crash systemd:

NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system. The system feels generally unstable (e.g. ssh and su hang for 30 seconds since systemd is now integrated with the login system). All of this can be caused by a command that's short enough to fit in a Tweet.

Edit (2016-09-28 21:34): Some people can only reproduce if they wrap the command in a while true loop. Yay non-determinism!


Original Submission
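
The command quoted above hands PID 1 an empty message from an unprivileged user. As an added example (not code from systemd or from the story), here is a C receiver for a datagram socket that classifies empty and oversized messages instead of treating them as fatal. It assumes the trigger is the zero-length message produced by the "" argument; the names handle_notify and classify, the buffer size and the sample payloads are hypothetical, and it talks only to a private socketpair.

```c
/* Added example: a datagram handler that treats every message as untrusted. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

enum notify_result { NOTIFY_OK, NOTIFY_EMPTY, NOTIFY_TRUNCATED, NOTIFY_ERROR };

static char last_msg[64];          /* last accepted payload, NUL-terminated */
static const char oversized[300];  /* constructed input larger than the buffer */

/* Read one datagram and classify it; peer-controlled input never reaches an
 * assert() or abort(), so a bad message costs only that one message. */
static enum notify_result handle_notify(int fd) {
    char buf[sizeof last_msg - 1];
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof buf };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    ssize_t n = recvmsg(fd, &msg, 0);

    if (n < 0) return NOTIFY_ERROR;
    if (n == 0) return NOTIFY_EMPTY;                    /* legal on SOCK_DGRAM */
    if (msg.msg_flags & MSG_TRUNC) return NOTIFY_TRUNCATED;
    memcpy(last_msg, buf, (size_t)n);
    last_msg[n] = '\0';
    return NOTIFY_OK;
}

/* Send one constructed datagram over a private socketpair and handle it. */
static enum notify_result classify(const char *payload, size_t len) {
    int sv[2];
    enum notify_result r = NOTIFY_ERROR;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return r;
    if (send(sv[0], payload, len, 0) == (ssize_t)len)
        r = handle_notify(sv[1]);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void) {
    printf("READY=1   -> %d\n", classify("READY=1", 7));
    printf("empty     -> %d\n", classify("", 0));
    printf("oversized -> %d\n", classify(oversized, sizeof oversized));
    return 0;
}
```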

  • (Score: 3, Touché) by Arik on Wednesday October 05 2016, @06:14AM

    by Arik (4543) on Wednesday October 05 2016, @06:14AM (#410512)
    "What makes it a tantrum? It’s a tantrum when you use a minor security issue as justification to rant about everything remotely related to systemd and insist on radical changes (throwing out systemd) to address what are mostly fixable quibbles — at least the quibbles that were based on facts or good judgment in the first place."

    So that would mean that when you lot used far more minor non-security issues as a justification to wrap up everything remotely related to init (and a lot of stuff that's not) into this systemd thing and shove it down our throats, YOU were throwing a tantrum?

    This is not the first and it won't be the last bug of this type. Those who use systemd are condemned to use systemd. The most cruel of sentences.
    --
    If laughter is the best medicine, who are the best doctors?
  • (Score: 4, Interesting) by zocalo on Wednesday October 05 2016, @06:41AM

    by zocalo (302) on Wednesday October 05 2016, @06:41AM (#410515)

    This is not the first and it won't be the last bug of this type.

    No doubt Poettering will put a bandaid on this one, close the bug and call it a day. Everyone happy (so far as you can be in systemd-land), rejoice. Or not.

    Given that this is a basic input sanitization failure, I think it's pretty much a given that if you are not sanitizing one input, then there's a very good chance that you are not sanitizing others as well. Another thing that's particularly interesting about this is that a user can have a major system level impact, which implies there are problems with verifying the way that commands and parameters are passed from userland into the core of the systemd processes running as root as well. Right now, I'd expect a lot of rootkit and exploit developers are going through the code looking for other places where systemd fails to validate inputs and seeing what they can do with them, and it's anyone's guess where that might lead.

    --
    UNIX? They're not even circumcised! Savages!
    • (Score: 5, Funny) by DECbot on Wednesday October 05 2016, @03:14PM

      by DECbot (832) on Wednesday October 05 2016, @03:14PM (#410634)

      You know, I think it would be even better if Poettering instead of patching this bug shows his programming chops by adding a new module to systemd called inputd. Inputd would be responsible for sanitizing all standard input before passing it to the application reading standard input. And when an application reads input from inputd, it can pass a bunch of asinine arguments to inform inputd of what the sanitized input should look like.

      Likewise, we can have an outputd that will sanitize the standard output, so you can turn on all the DEBUG flags, make the kernel spit out garbage, but sanitize the output before you send it over to the logs so no one knows you left the debug flags on.

      --
      cats~$ sudo chown -R us /home/base
      • (Score: 0) by Anonymous Coward on Sunday October 09 2016, @01:35PM

        by Anonymous Coward on Sunday October 09 2016, @01:35PM (#412052)

        They do have a dev involved that was working on a user space tty implementation...