SoylentNews is people
SoylentNews
Security researcher and MateSSL founder, Andrew Ayer has uncovered a bug which will either crash or make systemd unstable (depending on who you talk to) on pretty much every linux distro. David Strauss posted a highly critical response to Ayer. In true pedantic nerd-fight fashion there is a bit of back and forth between them over the "true" severity of the issue and what not.
Nerd fights aside, how you feel about this bug, will probably largely depend on how you feel about systemd in general.
The following command, when run as any user, will crash systemd:
NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
After running this command, PID 1 is hung in the
pausesystem call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system. The system feels generally unstable (e.g. ssh and su hang for 30 seconds since systemd is now integrated with the login system). All of this can be caused by a command that's short enough to fit in a Tweet.Edit (2016-09-28 21:34): Some people can only reproduce if they wrap the command in a
while trueloop. Yay non-determinism!
(Score: 3, Interesting) by butthurt on Wednesday October 05 2016, @01:49AM
I wish we could leave the SSL certificate aside. The troll's quote is accurate. If you think kernel.org has been hijacked (which itself would be newsworthy) you can compare the page to an archived copy on archive.org:
https://web.archive.org/web/20000902093410/http://ftp.kernel.org/pub/linux/kernel/v2.1/WARNING-2.1.44 [archive.org]
Here's a bug report:
http://lkml.iu.edu/hypermail/linux/kernel/9707.1/0068.html [iu.edu]
Note that this was in 1997. At that time, the Linux kernel was, if I'm not mistaken, developed without the use of a source code management system (SCMS) and perhaps for that reason, without branches. New features were added during an "unstable" development period, during which the 2.1 versions (for example) were released, then bugs were corrected during a "stable" development period, during which the 2.0 and later the 2.2 versions (for example) were released. At any one time, only one version was under development. Like other 2.1.x versions, Linux 2.1.44 was never intended for serious use; its purpose was for the introduction and testing of new features. Versions 2.0, 1.8, 1.6 etc. (with even-numbered minor version numbers) were intended for production use.
Now, about systemd. This, according to freedesktop.org, is how development of systemd proceeds:
The upstream systemd git repo only contains the main systemd branch that progresses at a quick pace, continuously bringing both bugfixes and new features. Distributions usually prefer basing their releases on stabilized versions branched off from this, that receive the bugfixes but not the features.
-- https://www.freedesktop.org/wiki/Software/systemd/Backports/ [freedesktop.org]
So an SCMS is being used, which is nice, but (just going by this quote) the task of producing thoroughly-tested stable versions of the software seemingly is left up to distributors. If that's true, it suggests to me that stability isn't yet the highest priority in systemd's development. Yet the functions systemd performs are crucial, and some distributors have chosen to include it in the stable releases of their Linux-based operating systems.
(Score: 0, Insightful) by Anonymous Coward on Wednesday October 05 2016, @01:55AM
Oh wow! Self referential trolling really does work.
(Score: -1, Troll) by Anonymous Coward on Wednesday October 05 2016, @01:57AM
Boo hoo. Stop calling me gullible Gulliver.
(Score: 2) by opinionated_science on Wednesday October 05 2016, @02:58PM
I will repeat - debian jessie does not have this bug. They are running an older/stable/patched version (2.15).
Perhaps the issue with systemd is that different environments (kernel/libraries) etc has caused "bug boundaries"
If you watched the last LP talk, there are attempts to greatly reduce this problem with the "portable" systemd interface.
uptime 10:30am up 468 days 11:59, 1 user, load average: 0.43, 0.30, 0.35
Show me a windows or Mac with uptime like that....
(Score: 0) by Anonymous Coward on Wednesday October 05 2016, @03:43PM
So you didn't install kernel patches for over a year?
Anyway, such uptime should be easy to achieve (not tested): Start BIOS, set time to past, boot OS, set time to correct value (or let NTP do that).
(Score: 2) by butthurt on Thursday October 06 2016, @01:05AM
> I will repeat - debian jessie does not have this bug. They are running an older/stable/patched version (2.15).
Good for Debian, but does the systemd project attempt to make stable releases so that all distributors who care about such things?
> Perhaps the issue with systemd is that different environments (kernel/libraries) etc has caused "bug boundaries"
I don't understand the term "bug boundaries".
> If you watched the last LP talk, there are attempts to greatly reduce this problem with the "portable" systemd interface.
I must admit, I haven't watched even one of his talks. Did you go to the systemd conference?
> [...] up 468 days 11:59, 1 user [...]
I don't suppose that one user is malicious. Is ksplice in use?
(Score: 0) by Anonymous Coward on Sunday October 09 2016, @01:38PM
Linux ran stable for years even with sysv, big woop...