
posted by martyb on Friday January 11 2019, @12:54PM
from the deep-seated-insecurities-and-paranoia dept.

From TFA (the friendly article) at https://www.openwall.com/lists/oss-security/2019/01/09/3:

We discovered three vulnerabilities in systemd-journald (https://en.wikipedia.org/wiki/Systemd):

- CVE-2018-16864 and CVE-2018-16865, two memory corruptions (attacker-controlled alloca()s);

- CVE-2018-16866, an information leak (an out-of-bounds read).

CVE-2018-16864 was introduced in April 2013 (systemd v203) and became exploitable in February 2016 (systemd v230). We developed a proof of concept for CVE-2018-16864 that gains eip control on i386.

CVE-2018-16865 was introduced in December 2011 (systemd v38) and became exploitable in April 2013 (systemd v201). CVE-2018-16866 was introduced in June 2015 (systemd v221) and was inadvertently fixed in August 2018.

We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average. We will publish our exploit in the near future.

To the best of our knowledge, all systemd-based Linux distributions are vulnerable, but SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC's -fstack-clash-protection.

This confirms https://grsecurity.net/an_ancient_kernel_hole_is_not_closed.php: "It should be clear that kernel-only attempts to solve [the Stack Clash] will necessarily always be incomplete, as the real issue lies in the lack of stack probing."

The article goes on with more detailed information on exploits.

<sarcasm>It's a good thing that systemd does not affect very many systems and no systems running anything important.</sarcasm>
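The advisory above names attacker-controlled alloca() as the root of both memory corruptions and -fstack-clash-protection as the reason some distributions are not exploitable. The C below is an added example, not code from the advisory or from systemd: the unbounded pattern sketched beside a hardened form that caps message size and falls back to the heap. The names journal_field_unsafe, journal_field_safe, choose_storage, MAX_ENTRY_SIZE and STACK_ALLOCA_LIMIT are hypothetical, as is the 5000-byte sample message.

```c
/* Added example, not from the advisory or from systemd. All function and
 * constant names here are hypothetical, invented for illustration. */
#include <alloca.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unbounded pattern (the defect class named in the advisory): the stack
 * frame grows with len, which the sender of the message controls. A large
 * len moves the stack pointer past the guard page, and the memcpy then
 * writes into whatever mapping lies beyond it (a "stack clash"). Built with
 * -fstack-clash-protection, GCC probes every page of the allocation, so the
 * same call faults on the guard page instead: a mitigation, not a fix. */
size_t journal_field_unsafe(const char *msg, size_t len)
{
    char *buf = alloca(len + 1);        /* attacker-controlled alloca() */
    memcpy(buf, msg, len);
    buf[len] = '\0';
    return strlen(buf);
}

#define MAX_ENTRY_SIZE     (64u * 1024u) /* hypothetical hard cap per message */
#define STACK_ALLOCA_LIMIT 2048u         /* hypothetical: larger goes to the heap */

/* Storage decision, kept separate so it can be checked on its own.
 * Returns -1 (reject the message), 0 (stack), or 1 (heap). */
int choose_storage(size_t len)
{
    if (len > MAX_ENTRY_SIZE)
        return -1;
    return (len + 1 <= STACK_ALLOCA_LIMIT) ? 0 : 1;
}

/* Hardened form: a hard size cap, a bounded alloca() for the common small
 * case, and malloc() for anything larger, so the frame size never depends
 * on untrusted input. Returns false when the message is rejected. */
bool journal_field_safe(const char *msg, size_t len, size_t *out_len)
{
    int where = choose_storage(len);
    if (where < 0)
        return false;                   /* oversized: refuse before touching the frame */

    char *buf = (where == 0) ? alloca(len + 1) : malloc(len + 1);
    if (buf == NULL)
        return false;

    memcpy(buf, msg, len);
    buf[len] = '\0';
    *out_len = strlen(buf);

    if (where == 1)
        free(buf);                      /* heap path owns its buffer */
    return true;
}

int main(void)
{
    /* Constructed input: a 5000-byte message, well past the stack limit. */
    static char big[5000];
    memset(big, 'A', sizeof big);

    size_t n = 0;
    printf("small message: %s\n",
           journal_field_safe("hello", 5, &n) && n == 5 ? "ok (stack)" : "failed");
    printf("5000-byte message: %s\n",
           journal_field_safe(big, sizeof big, &n) && n == 5000 ? "ok (heap)" : "failed");
    printf("100000-byte message: %s\n",
           journal_field_safe(big, 100000, &n) ? "accepted" : "rejected by size cap");
    return 0;
}
```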



Related Stories

Modern Versions of systemd Can Cause an Unmount Storm During Shutdowns 102 comments

System administrator Chris Siebenmann has found that modern versions of systemd can cause an unmount storm during shutdowns:

One of my discoveries about Ubuntu 20.04 is that my test machine can trigger the kernel's out of memory killing during shutdown. My test virtual machine has 4 GB of RAM and 1 GB of swap, but it also has 347 NFS[*] mounts, and after some investigation, what appears to be happening is that in the 20.04 version of systemd (systemd 245 plus whatever changes Ubuntu has made), systemd now seems to try to run umount for all of those filesystems all at once (which also starts a umount.nfs process for each one). On 20.04, this is apparently enough to OOM[**] my test machine.

[...] Unfortunately, so far I haven't found a way to control this in systemd. There appears to be no way to set limits on how many unmounts systemd will try to do at once (or in general how many units it will try to stop at once, even if that requires running programs). Nor can we readily modify the mount units, because all of our NFS mounts are done through shell scripts by directly calling mount; they don't exist in /etc/fstab or as actual .mount units.

[*] NFS: Network File System
[**] OOM: Out of memory

We've been here before and there is certainly more where that came from.

Previously:
(2020) Linux Home Directory Management is About to Undergo Major Change
(2019) System Down: A systemd-journald Exploit
(2017) Savaged by Systemd
(2017) Linux systemd Gives Root Privileges to Invalid Usernames
(2016) Systemd Crashing Bug
(2015) tmux Coders Asked to Add Special Code for systemd
(2016) SystemD Mounts EFI pseudo-fs RW, Facilitates Permanently Bricking Laptops, Closes Bug Invalid
(2015) A Technical Critique of Systemd
(2014) Devuan Developers Can Be Reached Via vua@debianfork.org
(2014) Systemd-resolved Subject to Cache Poisoning


  • (Score: 2, Insightful) by Anonymous Coward on Friday January 11 2019, @01:25PM (11 children)

    by Anonymous Coward on Friday January 11 2019, @01:25PM (#785016)

    Don't use any distro that fell for the systemd propaganda.

    Use Slackware instead.

    • (Score: 1, Informative) by Anonymous Coward on Friday January 11 2019, @02:20PM (4 children)

      by Anonymous Coward on Friday January 11 2019, @02:20PM (#785029)

      Void Linux is another good one.

      For crazy people (like me) there is also Gentoo and Exherbo. I think Exherbo was systemd by default, but when building an Exherbo system, it's trivial to change to OpenRC.

      • (Score: -1, Troll) by Ethanol-fueled on Friday January 11 2019, @03:53PM (1 child)

        by Ethanol-fueled (2792) on Friday January 11 2019, @03:53PM (#785073) Homepage

        You sound like a nigger. Yes, niggers. And you will not speak against the niggers, for the niggers are of our people. "Hey, you...yes, you, what the fuck you starin' at, White boy?!"

        Yes, the niggers.

        • (Score: 0) by Anonymous Coward on Saturday January 12 2019, @11:43AM

          by Anonymous Coward on Saturday January 12 2019, @11:43AM (#785466)

          Okay, curious, where's the nigger reference in there?

      • (Score: 1, Interesting) by Anonymous Coward on Friday January 11 2019, @04:05PM (1 child)

        by Anonymous Coward on Friday January 11 2019, @04:05PM (#785079)

        I second VOID. This distro is quite solid. Though it is rolling release, which means you have to be careful about driver configuration, which can sometimes collide on new releases.

        • (Score: -1, Troll) by Anonymous Coward on Saturday January 12 2019, @11:45AM

          by Anonymous Coward on Saturday January 12 2019, @11:45AM (#785467)

          "collide [duckduckgo.com]"?!?!? that doesn't sound good!

    • (Score: 5, Insightful) by cosurgi on Friday January 11 2019, @04:48PM

      by cosurgi (272) on Friday January 11 2019, @04:48PM (#785105) Journal

      I prefer devuan :)

      --
      #
      #\ @ ? [adom.de] Colonize Mars [kozicki.pl]
      #
    • (Score: 2) by Freeman on Friday January 11 2019, @04:59PM

      by Freeman (732) on Friday January 11 2019, @04:59PM (#785118) Journal

      There's also MX Linux. https://distrowatch.com/table.php?distribution=mx [distrowatch.com] Which is pretty popular on distrowatch. That may not be a great metric to go by, but it's something.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 2) by Magic Oddball on Saturday January 12 2019, @04:00AM

      by Magic Oddball (3847) on Saturday January 12 2019, @04:00AM (#785382) Journal

      Or for those of us who prefer a more user-friendly/out-of-the-box distro with a big repo, PCLinuxOS.

    • (Score: 2) by turgid on Saturday January 12 2019, @03:24PM

      by turgid (4318) Subscriber Badge on Saturday January 12 2019, @03:24PM (#785533) Journal
    • (Score: 2) by DeVilla on Saturday January 12 2019, @05:38PM (1 child)

      by DeVilla (5354) on Saturday January 12 2019, @05:38PM (#785591)

      Dear lazy web, is Gentoo still a decent desktop without systemd?

      • (Score: 0) by Anonymous Coward on Thursday January 17 2019, @05:01AM

        by Anonymous Coward on Thursday January 17 2019, @05:01AM (#787787)

        Supposedly so. But chatter on their forum suggests the person currently in charge of OpenRC maintenance is running a false flag operation, as he keeps introducing systemd-isms into OpenRC.

  • (Score: 3, Informative) by julian67 on Friday January 11 2019, @01:58PM (20 children)

    by julian67 (982) on Friday January 11 2019, @01:58PM (#785025)

    A better solution:

    apply patches as and when they become available.

    Bugs far more severe have been found in every layer, from the kernel upwards, of every general purpose operating system. They get fixed.

    The idea that one should avoid or abandon software if bugs are found only makes sense if those bugs cannot be fixed. Otherwise it's an absurdist position.

    • (Score: 5, Insightful) by canopic jug on Friday January 11 2019, @02:03PM (4 children)

      by canopic jug (3949) Subscriber Badge on Friday January 11 2019, @02:03PM (#785027) Journal

      The bugs were around for around two years. They're also the result of a combination of known bad design and known bad programming practices. Mistakes cannot be avoided but bad design and bad practices can. Those alone are enough reason to eschew garbage like systemd. On top of that you have an enormous monolith of complex, sparsely documented code.

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 5, Insightful) by digitalaudiorock on Friday January 11 2019, @02:24PM

        by digitalaudiorock (688) on Friday January 11 2019, @02:24PM (#785032)

        Never mind that these bugs are in their shit-for-brains systemd-journald and binary logging. None of that should have ever happened, and nobody with any sense wanted it. But yea...it's all good...as long as sysadmins whose companies fell for RHEL 7 start treating it the way they've treated Windows Server...which is about where this has gone. Good luck with all that. No systemd in my home or my company, and never will be...thank God.

      • (Score: 4, Interesting) by Thexalon on Friday January 11 2019, @08:20PM (2 children)

        by Thexalon (636) on Friday January 11 2019, @08:20PM (#785205)

        Also, can we stop letting Lennart be in charge of anything important, please? Between systemd's awfulness (including on occasion breaking the Linux kernel) and PulseAudio's awfulness (ditto), I'm trying to figure out why anyone thinks he should be doing coding without adult supervision.

        The moment I knew how bad systemd truly was: shortly after I had installed it for the first time on a desktop, I decided to swap out my aging PS/2 mouse for a USB mouse, so I shut down the machine, switched the mice, turned it back on, and was greeted with a black screen with no feedback at all about what was going on, and nothing in the logs about what had gone wrong when I swapped the mice back. Whereas my sysvinit-based system, in the same situation, would have booted up just fine and at worst would have needed some config file changed and a relevant daemon restarted. Based on that, I was forced to conclude that the systemd developers had either not even thought about the possibility of swapping out hardware while the machine was turned off, or didn't care enough about that scenario to make their stuff work properly under those conditions.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 2, Funny) by Anonymous Coward on Saturday January 12 2019, @11:48AM (1 child)

          by Anonymous Coward on Saturday January 12 2019, @11:48AM (#785469)

          Thank you for your bug report. We here at systemD central think that you are a poopy head with a need for a brain swap.
          Please soak your head in vinegar.
          And Have A Nice Day.

          • (Score: 2) by Thexalon on Sunday January 13 2019, @03:01PM

            by Thexalon (636) on Sunday January 13 2019, @03:01PM (#785908)

            You forgot to mark it as "WONTFIX".

            --
            The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 0) by Anonymous Coward on Friday January 11 2019, @02:03PM (2 children)

      by Anonymous Coward on Friday January 11 2019, @02:03PM (#785028)

      I think you need to work on your reading comprehension.
      These bugs have been around for years and never patched...

      • (Score: 5, Funny) by DannyB on Friday January 11 2019, @03:11PM (1 child)

        by DannyB (5839) Subscriber Badge on Friday January 11 2019, @03:11PM (#785050) Journal

        You are making an assumption that these vulnerabilities are bugs instead of features.

        --
        I get constant rejection even though the compiler is supposed to accept constants.
        • (Score: 1, Touché) by Anonymous Coward on Saturday January 12 2019, @11:50AM

          by Anonymous Coward on Saturday January 12 2019, @11:50AM (#785470)

          Oh, great, so this is Year Of The Linux Desktop where Linux is just like Windows
          When do we get built in advertising?

    • (Score: 5, Insightful) by rleigh on Friday January 11 2019, @02:24PM (1 child)

      by rleigh (4887) on Friday January 11 2019, @02:24PM (#785031) Homepage

      The chickens are coming home to roost, as we knew they would.

      "Bugs far more severe have been found" is to completely ignore that bad design, bad coding practices and a huge amount of hubris and egotism went into this software. If the design was solid, and good coding practices had been followed, bugs like this simply couldn't happen. Because programmers with a bit more self-awareness and humility would not have used alloca() to perform a needless micro-optimisation at the expense of system security. Processing strings in C using the most dangerously insecure strategy possible isn't even a bug, it's crass stupidity. As is not having a maximum message size in the first page.

      Some bugs are the result of genuine mistakes or extremely subtle side-effects. None of these problems fall into these categories. They are the result of programmers who think they are so great that they can't make mistakes, and that the rules don't apply to them.

      If I had to write functions like this, my choice would be to implement it using C++ with extern "C" and a static libstdc++. This would provide a C interface to string operations using std::string and std::string_view. Safer, faster and more maintainable than the C string equivalents, and from the point of view of the caller, totally transparent. If I wrote my code like what's in journald, I'd be fired for gross incompetence. It wouldn't even make it past cursory code review. Where's the oversight for the systemd developers?

      • (Score: 2) by bob_super on Friday January 11 2019, @06:09PM

        by bob_super (1357) on Friday January 11 2019, @06:09PM (#785153)

        I'm glad to learn from your experience that such bad code will never ever be adopted by anyone for any serious distro, and we'll never have to worry about that "systemd" thingy leaving the confines of the whackjobs' computer...

        Oh wait, it's fucking everywhere ! Tell me again how everyone in the industry is a certified moron.

        (disclaimer: I know why systemd is problematic. Make your points without being so hyperbolic that you assert nobody else has a clue)

    • (Score: 2) by DannyB on Friday January 11 2019, @03:15PM (7 children)

      by DannyB (5839) Subscriber Badge on Friday January 11 2019, @03:15PM (#785052) Journal

      From TFA . . .

      but SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC's -fstack-clash-protection.

      Should other distributions do likewise?

      --
      I get constant rejection even though the compiler is supposed to accept constants.
      • (Score: -1, Troll) by Ethanol-fueled on Friday January 11 2019, @03:39PM (2 children)

        by Ethanol-fueled (2792) on Friday January 11 2019, @03:39PM (#785064) Homepage

        I like running Windows 7 because it just works, then run Ubuntu in a VM because that just works. It should be the other way around but Ubuntu Linux is for Niggers.

        • (Score: 4, Interesting) by DannyB on Friday January 11 2019, @04:04PM (1 child)

          by DannyB (5839) Subscriber Badge on Friday January 11 2019, @04:04PM (#785078) Journal

          I run Windows 10 at work, not by choice, but because it's what we use.

          And it "just works" because we have a competent IT department and layered defenses. Only some offices have direct internet access at border gateway points. All other US and Canada offices have private connections to those points for internet access. There are spam and phishing defenses. External emails are marked EXTERNAL in the subject line. Mail attachments and links are scanned. Several thousand users with about 1.75 times that many PCs to protect using active directory policies to install and control software. Yet developers are allowed local administrative control, thus I can locally install anything I want onto my PC.

          So yeah, Window 10 "just works" if you spend enough money. And it works well. Rarely is there any kind of penetration, and it is very quickly contained and isolated.

          As an avid Java, Linux and Open Source advocate, I'm in the interesting situation that all of the software I use at work is the same software I use at home on Linux. Other than corporate applications like Office, WebEx, etc. More and more corporate applications (bug tracking systems, human resources systems, expense reporting systems, etc, etc) are all web based -- which makes Windows less and less relevant every single day. Microsoft's nightmare come true. The reason Microsoft killed Netscape was the fear that web applications would make the OS irrelevant. And it has.

          --
          I get constant rejection even though the compiler is supposed to accept constants.
          • (Score: 0) by Anonymous Coward on Thursday January 17 2019, @12:26PM

            by Anonymous Coward on Thursday January 17 2019, @12:26PM (#787868)

            Have you seen the latest KBs for IE? Seriously? Even now, if you don't have the latest patch then a "specially crafted" web page can get system level access and take over the computer.
            Even if you only miss some patches it can get user level.
            It's nuts.

      • (Score: 2) by rleigh on Friday January 11 2019, @03:56PM (1 child)

        by rleigh (4887) on Friday January 11 2019, @03:56PM (#785074) Homepage

        "Not exploitable" does not mean bug-free. It means the process will segfault or abort. Slightly better than the alternative, but it's still far from ideal. It's a mitigation, rather than a solution. Better than nothing, but best not to place too much faith in it.

        Also, the stack clash protection with a guard page still only provides protection with some caveats. It doesn't work on all platforms.

        • (Score: 2) by DannyB on Friday January 11 2019, @04:06PM

          by DannyB (5839) Subscriber Badge on Friday January 11 2019, @04:06PM (#785080) Journal

          Bug free could still mean exploitable -- if the vulnerability were a feature rather than a bug. Or at least a feature in the eyes of whoever introduced the vulnerability into most Linux systems far and wide.

          --
          I get constant rejection even though the compiler is supposed to accept constants.
      • (Score: 0) by Anonymous Coward on Saturday January 12 2019, @04:55AM (1 child)

        by Anonymous Coward on Saturday January 12 2019, @04:55AM (#785400)

        -fstack-clash-protection is only available in gcc 8, which is way too new to be available in most stable distributions.

        • (Score: 0) by Anonymous Coward on Saturday January 12 2019, @11:53AM

          by Anonymous Coward on Saturday January 12 2019, @11:53AM (#785471)

          What I hear you saying is that RedHat is unstable.

          Now it's been sold, I have absolutely no doubt.

    • (Score: 5, Insightful) by crafoo on Friday January 11 2019, @06:50PM (1 child)

      by crafoo (6639) on Friday January 11 2019, @06:50PM (#785171)

      Bugs far more severe have been found in every layer, from the kernel upwards, of every general purpose operating system. They get fixed.

      I think you've missed the point. Bugs get fixed? OK. That's quite an assumption. Can people find the bugs? How hard is it to do so? How many people are actually looking or working on the source code? Are they all at the same institution or work for the same company?

      systemd is needlessly complex and monolithic. It's quickly becoming the achillies heal of linux. it's poorly designed. it has "features" no one asked for. It incorporates and subsumes systems that it should not.

      • (Score: 4, Funny) by aristarchus on Friday January 11 2019, @11:17PM

        by aristarchus (2645) on Friday January 11 2019, @11:17PM (#785287) Journal

        It's quickly becoming the achillies heal of linux

        Achilleus' mom wants a word with you.

  • (Score: 5, Informative) by aim on Friday January 11 2019, @02:56PM (3 children)

    by aim (6322) on Friday January 11 2019, @02:56PM (#785042)

    See subject. No systemd, no worry, no cry. And all the former glorious Debian goodness.

    • (Score: 4, Informative) by RS3 on Friday January 11 2019, @03:17PM

      by RS3 (6367) on Friday January 11 2019, @03:17PM (#785053)

      These: http://without-systemd.org/wiki/index.php/Linux_distributions_without_systemd [without-systemd.org]

      I'm running Alpine Xen on a server and love it. It's busybox based, but it's easy to install the real packages when needed. It's well maintained, and very easy to migrate to the next version. Having started on SlackWare (still my favorite & go-to) I have no problem being very hands-on.

      "refracta" looks interesting- haven't tried it yet. Anyone tried it?

    • (Score: 2) by DannyB on Friday January 11 2019, @04:07PM (1 child)

      by DannyB (5839) Subscriber Badge on Friday January 11 2019, @04:07PM (#785083) Journal

      No systemd, no worry, no cry.

      Windows doesn't have systemd yet still has lots of cry cry.

      --
      I get constant rejection even though the compiler is supposed to accept constants.
      • (Score: 5, Touché) by aim on Friday January 11 2019, @04:17PM

        by aim (6322) on Friday January 11 2019, @04:17PM (#785088)

        If you consider that systemd is basically copying the Windows way, you'll see where the crying comes from.

  • (Score: 3, Insightful) by Anonymous Coward on Friday January 11 2019, @03:22PM (4 children)

    by Anonymous Coward on Friday January 11 2019, @03:22PM (#785057)

    to immediately rip out hundreds of CentOS hosts and a dozen big-ass RHEL+Oracle hosts and replace them with Slackware and Postgres. No prob. Won't cost a thing. Oracle DBA's don't care at all what DB they run.

    Give me Theo De Raadt over Lennart any day. Both are jerks, but at least Theo consistently delivers the well-designed robust code.

    • (Score: 0, Flamebait) by Ethanol-fueled on Friday January 11 2019, @03:31PM (2 children)

      by Ethanol-fueled (2792) on Friday January 11 2019, @03:31PM (#785061) Homepage

      You need to settle down and eat some broiled hog anus, fellow.

      • (Score: 3, Informative) by Anonymous Coward on Friday January 11 2019, @04:02PM

        by Anonymous Coward on Friday January 11 2019, @04:02PM (#785076)

        Sounds like somebody missed their meds again.

      • (Score: 0) by Anonymous Coward on Friday January 11 2019, @05:54PM

        by Anonymous Coward on Friday January 11 2019, @05:54PM (#785147)

        You sound particularly stupid today. Sup?

    • (Score: 2, Interesting) by Anonymous Coward on Friday January 11 2019, @11:03PM

      by Anonymous Coward on Friday January 11 2019, @11:03PM (#785281)

      Just wait until their first Oracle audit, then they'll want to ditch that shit

  • (Score: 4, Interesting) by Anonymous Coward on Friday January 11 2019, @04:26PM (1 child)

    by Anonymous Coward on Friday January 11 2019, @04:26PM (#785094)

    Anybody who saw the win32 ini files and didn't expect that, is just clueless. Red Hat ~ Redmond. These guys do things the MS way, and should be regarded accordingly. How this ended up being in Debian and other mainstream distro's I really can't fathom. Does anybody really know the history of this?

    It just seemed that there was a flurry of "Our shit supports everything" propaganda for about a year, and all of a sudden half a dozen distros shifted to it. There had to be a commercial interest behind it considering how much drama there was out there. Three guesses who that was, and the first two don't count.

    • (Score: 3, Interesting) by HiThere on Friday January 11 2019, @05:10PM

      by HiThere (866) on Friday January 11 2019, @05:10PM (#785128) Journal

      No evidence, but I tend to suspect government interest rather than commercial. But something large, powerful, and secretive.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
  • (Score: 5, Insightful) by Azuma Hazuki on Friday January 11 2019, @05:48PM (3 children)

    by Azuma Hazuki (5086) Subscriber Badge on Friday January 11 2019, @05:48PM (#785146) Journal

    ...but I TOLD YOU SO! This is the proof I've been waiting for for a couple of years now as to why systemd is cancerous. I've been on Void and Artix for a good while, Funtoo with OpenRC previously, and have been watching this entire systemd debacle with a mix of amusement (diminishing) and horror (increasing).

    This does not surprise me, and the reason it doesn't surprise me is that systemd does not have pure motives. It looks, more than anything else, like an attempt by the corporate arm of Linux development to have their own "Windows distro," complete with laying the framework for the equivalent of MSCE testing and similar "industry." It is not The Unix Way (TM), and while a lot of Linux isn't either, it at least tries, whereas systemd seems to be trying to be as deliberately Microsoft-like as possible. The whole thing smells like Windows.

    Thank fuck for OpenRC, Runit, and if it comes to this, the BSDs.

    --
    I am "that girl" your mother warned you about...
    • (Score: 0) by Anonymous Coward on Saturday January 12 2019, @01:38PM (2 children)

      by Anonymous Coward on Saturday January 12 2019, @01:38PM (#785494)

      Feel free to run old software if that floats your boat. Runit, OpenRC and SysVinit had their growing pains too.

      https://nvd.nist.gov/vuln/detail/CVE-2017-18188 [nist.gov]
      https://nvd.nist.gov/vuln/detail/CVE-1999-1327 [nist.gov]
      https://nvd.nist.gov/vuln/detail/CVE-1999-1329 [nist.gov]
      https://nvd.nist.gov/vuln/detail/CVE-2006-1319 [nist.gov]

      • (Score: 5, Informative) by digitalaudiorock on Saturday January 12 2019, @07:33PM

        by digitalaudiorock (688) on Saturday January 12 2019, @07:33PM (#785642)

        Holy shit. I stopped looking at those bug links after the first one. As it turns out, that issue with OpenRC is expressly because OpenRC is currently being managed by a pro-systemd developer who's been relentlessly screwing it up in an attempt to make it more like systemd. That's why I, and many other Gentoo users, are still using OpenRC 0.17 which works great and doesn't even use opentmpfiles at all...which is the cause of that bug! Talk about self-fulfilling prophecies. That's the systemd way after all...patting yourself on the back for fixing the shit you fuck up.

        But yea..."newer" is "better"...got it...even if it means fucking Windows-like binary logging...which by the way is where all these systemd bugs are. Give...me...a...fucking...break.

      • (Score: 3, Insightful) by Azuma Hazuki on Saturday January 12 2019, @10:15PM

        by Azuma Hazuki (5086) Subscriber Badge on Saturday January 12 2019, @10:15PM (#785688) Journal

        gb2/mom's basement, Poettering...

        --
        I am "that girl" your mother warned you about...
  • (Score: 2, Interesting) by hopdevil on Friday January 11 2019, @06:01PM (1 child)

    by hopdevil (3356) on Friday January 11 2019, @06:01PM (#785152)

    To successfully exploit this issue on a 64bit machine, you will likely have to send ~2048 *large* high-severity log messages (LOG_CRIT), over the course of ~70 minutes (avg). And you have to be running locally already.

    From an attacker's perspective, it is nice to have root and dig in. But realistically, would you want to use a blow horn to announce your presence before taking control? Most systems probably aren't monitored very well, but I'm still curious how much use this will get in the wild.

    • (Score: 3, Insightful) by crafoo on Friday January 11 2019, @06:55PM

      by crafoo (6639) on Friday January 11 2019, @06:55PM (#785172)

      That doesn't seem all that restrictive for all of the very casually monitored VPSes out there. Getting logged in with a local user shell on a linux VPS minecraft server isn't all that difficult, for instance.

  • (Score: 0) by Anonymous Coward on Friday January 11 2019, @08:28PM

    by Anonymous Coward on Friday January 11 2019, @08:28PM (#785207)
  • (Score: -1, Troll) by Anonymous Coward on Friday January 11 2019, @09:07PM

    by Anonymous Coward on Friday January 11 2019, @09:07PM (#785227)

    We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average. We will publish our exploit in the near future.

    Read that again. They purposefully designed and developed malware. I have long held a suspicion that all these zillions of 'viruses' (for Windows, Mac and now Linux) are purposefully developed by the 'security' people, with the explicit purpose to sell their 'anti-virus' software to us. They then 'distribute' their codebase to copy-kids and it proliferates.
    My view, my 2c, ymmv.
