SoylentNews is people
SoylentNews
Security researcher and MateSSL founder, Andrew Ayer has uncovered a bug which will either crash or make systemd unstable (depending on who you talk to) on pretty much every linux distro. David Strauss posted a highly critical response to Ayer. In true pedantic nerd-fight fashion there is a bit of back and forth between them over the "true" severity of the issue and what not.
Nerd fights aside, how you feel about this bug, will probably largely depend on how you feel about systemd in general.
The following command, when run as any user, will crash systemd:
NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
After running this command, PID 1 is hung in the
pausesystem call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system. The system feels generally unstable (e.g. ssh and su hang for 30 seconds since systemd is now integrated with the login system). All of this can be caused by a command that's short enough to fit in a Tweet.Edit (2016-09-28 21:34): Some people can only reproduce if they wrap the command in a
while trueloop. Yay non-determinism!
(Score: -1, Troll) by Anonymous Coward on Wednesday October 05 2016, @12:51AM
No! Linux has always been fucking perfect! How dare anyone code anything new on Linux perfection!!
Linux! Linux! Linux! Linux!
Chant it with me!
Linux! Linux! Linux! Linux! Linux! Linux!
(Score: 3, Funny) by Anonymous Coward on Wednesday October 05 2016, @01:04AM
$ NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
bash: systemd-notify: command not found
*yawns*~ Smug Gentoo user here.
(Score: 0) by Anonymous Coward on Wednesday October 05 2016, @01:07AM
-bash: systemd-notify: command not found
Slackware user here - same result, no problems.
(Score: -1, Redundant) by Anonymous Coward on Wednesday October 05 2016, @01:32AM
NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
N
o
p
r
o
b
l
e
m
h
e
r
e
.
W
T
H
?
(Score: 2) by NotSanguine on Wednesday October 05 2016, @02:37AM
I was able to reproduce the bug on Fedora Core 21 (kernel 4.1.8-100).
After entering "NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" as an unprivileged user, systemd became unresponsive in starting/stopping/restarting services as root.
However, I was able to execute 'systemctl daemon-reload' as root, and voila! systemd is responsive again.
As such, it seems that this is less of an issue than it might be, since a reboot isn't required to recover from the bug.
It's still ridiculous that systemd is vulnerable in this way, any code that is as central as systemd now is, should be much more careful in parsing/validating input.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Sunday October 09 2016, @01:41PM
Was the root session open already?
(Score: 2, Funny) by Anonymous Coward on Wednesday October 05 2016, @01:48AM
*yawns*~ Smug Gentoo user here.
I didn't have any problems either.
~ oblivious Windows user here.
(Score: -1, Troll) by Anonymous Coward on Wednesday October 05 2016, @01:06AM
Why not modded down yet, rabid Linux dweebs?
Here's your proof, Linux was shit:
https://ftp.kernel.org/pub/linux/kernel/v2.1/WARNING-2.1.44 [kernel.org]
WARNING: 2.1.44 is extremely unstable and can cause filesystem
corruption! Please test only on systems where you can tolerate data
loss!
Corruption? Data loss? CAUSED BY LINUX?????????
(Score: -1, Redundant) by Anonymous Coward on Wednesday October 05 2016, @01:14AM
https://ftp.kernel.org/pub/linux/kernel/v2.1/WARNING-2.1.44 [kernel.org]
NET::ERR_CERT_COMMON_NAME_INVALID
Lying troll is a liar.
(Score: 3, Interesting) by butthurt on Wednesday October 05 2016, @01:49AM
I wish we could leave the SSL certificate aside. The troll's quote is accurate. If you think kernel.org has been hijacked (which itself would be newsworthy) you can compare the page to an archived copy on archive.org:
https://web.archive.org/web/20000902093410/http://ftp.kernel.org/pub/linux/kernel/v2.1/WARNING-2.1.44 [archive.org]
Here's a bug report:
http://lkml.iu.edu/hypermail/linux/kernel/9707.1/0068.html [iu.edu]
Note that this was in 1997. At that time, the Linux kernel was, if I'm not mistaken, developed without the use of a source code management system (SCMS) and perhaps for that reason, without branches. New features were added during an "unstable" development period, during which the 2.1 versions (for example) were released, then bugs were corrected during a "stable" development period, during which the 2.0 and later the 2.2 versions (for example) were released. At any one time, only one version was under development. Like other 2.1.x versions, Linux 2.1.44 was never intended for serious use; its purpose was for the introduction and testing of new features. Versions 2.0, 1.8, 1.6 etc. (with even-numbered minor version numbers) were intended for production use.
Now, about systemd. This, according to freedesktop.org, is how development of systemd proceeds:
The upstream systemd git repo only contains the main systemd branch that progresses at a quick pace, continuously bringing both bugfixes and new features. Distributions usually prefer basing their releases on stabilized versions branched off from this, that receive the bugfixes but not the features.
-- https://www.freedesktop.org/wiki/Software/systemd/Backports/ [freedesktop.org]
So an SCMS is being used, which is nice, but (just going by this quote) the task of producing thoroughly-tested stable versions of the software seemingly is left up to distributors. If that's true, it suggests to me that stability isn't yet the highest priority in systemd's development. Yet the functions systemd performs are crucial, and some distributors have chosen to include it in the stable releases of their Linux-based operating systems.
(Score: 0, Insightful) by Anonymous Coward on Wednesday October 05 2016, @01:55AM
Oh wow! Self referential trolling really does work.
(Score: -1, Troll) by Anonymous Coward on Wednesday October 05 2016, @01:57AM
Boo hoo. Stop calling me gullible Gulliver.
(Score: 2) by opinionated_science on Wednesday October 05 2016, @02:58PM
I will repeat - debian jessie does not have this bug. They are running an older/stable/patched version (2.15).
Perhaps the issue with systemd is that different environments (kernel/libraries) etc has caused "bug boundaries"
If you watched the last LP talk, there are attempts to greatly reduce this problem with the "portable" systemd interface.
uptime 10:30am up 468 days 11:59, 1 user, load average: 0.43, 0.30, 0.35
Show me a windows or Mac with uptime like that....
(Score: 0) by Anonymous Coward on Wednesday October 05 2016, @03:43PM
So you didn't install kernel patches for over a year?
Anyway, such uptime should be easy to achieve (not tested): Start BIOS, set time to past, boot OS, set time to correct value (or let NTP do that).
(Score: 2) by butthurt on Thursday October 06 2016, @01:05AM
> I will repeat - debian jessie does not have this bug. They are running an older/stable/patched version (2.15).
Good for Debian, but does the systemd project attempt to make stable releases so that all distributors who care about such things?
> Perhaps the issue with systemd is that different environments (kernel/libraries) etc has caused "bug boundaries"
I don't understand the term "bug boundaries".
> If you watched the last LP talk, there are attempts to greatly reduce this problem with the "portable" systemd interface.
I must admit, I haven't watched even one of his talks. Did you go to the systemd conference?
> [...] up 468 days 11:59, 1 user [...]
I don't suppose that one user is malicious. Is ksplice in use?
(Score: 0) by Anonymous Coward on Sunday October 09 2016, @01:38PM
Linux ran stable for years even with sysv, big woop...
(Score: 3, Informative) by jmorris on Wednesday October 05 2016, @01:16AM
Yo, tard! The 2.1 series was unstable by design. 2.0, 2.2, 2.4 and 2.6 were stable, 2.1, 2.3, 2.5 the unstable branches. These days there isn't a need for an unstable tree because most of the low level stuff is pretty much in a final state, changing only slowly. Now we have the main branch and an LTS branch since the need is simply for kernel trees that will receive security patches for a long enough time to make them suitable for real world deployment.
(Score: -1, Flamebait) by Anonymous Coward on Wednesday October 05 2016, @01:22AM
These days there isn't a need for an unstable tree because most of the low level stuff is pretty much in a final state, changing only slowly.
Hey, fuckwit! That's the point! Linux is old mature software! Systemd is still new and immature! This story is sensationalist garbage!
(Score: 2) by Bot on Wednesday October 05 2016, @01:48AM
1. you did not ROTFLMAO at the GP epic fail
2. you admit systemd has no place in any production system
I either salute a subtle troll, or predict an astroturfer won't get his 50cents from RH.
Account abandoned.
(Score: 4, Touché) by Bot on Wednesday October 05 2016, @01:40AM
Yeah bugs.
Before systemd:
Do X
Error Y
Hm well let's try to reboot
Do X
Error Y
Hm let's try to update
Do X
Error Y
Hm let's try to recompile
Do X
Error Y
Hm let's go to the forums, bts, whatever
"I do X, i get error Y"
"me too on arm"
"do Z"
Do Z
Do X
OK
On systemd> see windows.
Account abandoned.
(Score: 3, Funny) by Anonymous Coward on Wednesday October 05 2016, @02:48AM
I thought it was:
Do X
Error Y
Hm well let's try to reboot
Do X
Error Y
Hm let's try to update
Do X
Error Y
Hm let's try to recompile
Do X
Error Y
Hm let's go to the forums, bts, whatever
"I do X, i get error Y"
DIAF TROLL how dare you criticize SYSTEMD?!?!?! HAHA LOOK AT THE N00B THROWING A TANTRUM!!!