'Severe' Systemd Bug Allowed Remote Code Execution For Two Years (itwire.com)
ITWire reports:
A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," is how Coulson put it.
Affected Linux vendors have pushed out patches -- but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.
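Added example (not part of the article or the thread, and not systemd-resolved's code): the bug class described in the summary is a buffer sized from one value and written from another. This C sketch shows the defensive pattern for a DNS-over-TCP reply, where the 2-byte length prefix is checked against the bytes actually received and every write goes through a capacity check; all function and type names are hypothetical.

```c
/* Added illustration of bounds-checked DNS-over-TCP reply handling.
 * Hypothetical names throughout; this is not systemd-resolved code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DNS_HEADER_SIZE 12u     /* fixed DNS header length (RFC 1035) */
#define DNS_MAX_SIZE    65535u  /* largest value the 2-byte TCP prefix can carry */

enum reply_status { REPLY_OK = 0, REPLY_INCOMPLETE = 1, REPLY_TOO_SHORT = 2, REPLY_NOMEM = 3 };

struct dns_msg {
    uint8_t *data;
    size_t len;  /* bytes written so far */
    size_t cap;  /* bytes actually allocated */
};

/* Allocate from a size hint. The hint may be wrong; cap records the truth. */
static int msg_init(struct dns_msg *m, size_t size_hint)
{
    if (size_hint < DNS_HEADER_SIZE) size_hint = DNS_HEADER_SIZE;
    if (size_hint > DNS_MAX_SIZE) size_hint = DNS_MAX_SIZE;
    m->data = malloc(size_hint);
    m->len = 0;
    m->cap = m->data ? size_hint : 0;
    return m->data ? 0 : -1;
}

/* The only write path: grow to fit or refuse, never write past cap. */
static int msg_append(struct dns_msg *m, const uint8_t *src, size_t n)
{
    if (n > DNS_MAX_SIZE - m->len) return -1;   /* exceeds protocol maximum */
    if (n > m->cap - m->len) {                  /* hint was too small: grow first */
        uint8_t *p = realloc(m->data, m->len + n);
        if (!p) return -1;
        m->data = p;
        m->cap = m->len + n;
    }
    memcpy(m->data + m->len, src, n);
    m->len += n;
    return 0;
}

/* Parse one length-prefixed reply from a received byte stream. */
enum reply_status read_tcp_reply(const uint8_t *stream, size_t stream_len,
                                 size_t size_hint, struct dns_msg *out)
{
    out->data = NULL;
    out->len = out->cap = 0;
    if (stream_len < 2) return REPLY_INCOMPLETE;
    size_t declared = ((size_t)stream[0] << 8) | stream[1];
    if (declared < DNS_HEADER_SIZE) return REPLY_TOO_SHORT;
    if (stream_len - 2 < declared) return REPLY_INCOMPLETE; /* prefix claims more than arrived */
    if (msg_init(out, size_hint) < 0) return REPLY_NOMEM;
    if (msg_append(out, stream + 2, declared) < 0) {
        free(out->data);
        out->data = NULL;
        out->len = out->cap = 0;
        return REPLY_NOMEM;
    }
    return REPLY_OK;
}

/* Constructed sample input: a frame whose prefix says `declared` bytes but
 * which carries `present` body bytes. Returns the stored length on success,
 * or the negated status on rejection. */
int parse_case(size_t declared, size_t present, size_t size_hint)
{
    uint8_t stream[2 + 1024];
    struct dns_msg m;
    if (present > 1024) return -(int)REPLY_NOMEM;
    stream[0] = (uint8_t)(declared >> 8);
    stream[1] = (uint8_t)(declared & 0xff);
    memset(stream + 2, 0xAB, present);
    enum reply_status st = read_tcp_reply(stream, 2 + present, size_hint, &m);
    int result = (st == REPLY_OK) ? (int)m.len : -(int)st;
    free(m.data);
    return result;
}

int main(void)
{
    printf("hint 16, reply 300:       %d\n", parse_case(300, 300, 16));
    printf("prefix 300, only 100 in:  %d\n", parse_case(300, 100, 16));
    printf("prefix shorter than hdr:  %d\n", parse_case(4, 4, 16));
    return 0;
}
```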
Anyone?
...why there was a push for the change to systemd.
That's a problem with Systemd. It's a pretty decent idea with a sub-par execution and a crappy way of dealing with an inherent problem.
Idea: centralized place to optimize startup, management and interconnectivity of all kinds of services.
Problem: some services in their standard form don't quite fit that model.
Solution: let's rewrite them and include as parts of systemd.
The crap part: while the originals were made by experts in that field, the replacements are made by a group of wannabe experts on everything ever, some with overinflated ego. This results in seriously inferior code replacing old 'tried and true' solutions.
At this point, the only real solution I can see is making a fork of systemd, banning the current systemd creators from participating in it, and trimming it to size. If a service doesn't quite fit systemd, work on systemd until it fits, don't rewrite it!
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Goddamn. I mean, seriously. Software is total crap; why do we deal with this shit? WHY?!
With enough bugs, all developers are shallow.
Yes, it's a typical systemd boo-boo: it's just because systemd (the project) wants to absorb the resolver, after having absorbed (hardware) event management, device management, (user) session management, yadda, yadda.
(Disclaimer: I neither like nor use systemd myself. And I'm a happy user of Debian. Yes, it is possible).
*But*: systemd-resolved is an *optional* part of the whole thing. And in Debian, for example, it is disabled by default.
So. Just disable systemd-resolved until the problem is... resolved. Pretty normal bug, I'd say. And this "for two years" part is extra scare mongering. If you've been running **bleeding edge** versions of systemd (not your usual, boring distro), then you might have been vulnerable. But then, hopefully, you'll have known what you were doing.
So... don't panic.
Like systemd? Continue using it. Don't enable -resolved until told so. Don't like systemd? Don't use. And oh, be nice to each other.
No.
My ism, it's full of beliefs.
The creator of systemd announces that these are all bugs in the kernel and have nothing to do with systemd.
Story from 5 days ago
"I bless every day that I continue to live, for every day is pure profit."
We told you so.
Anons need not reply. Questions end with a question mark.
When I first read about systemd I thought it was a knock off of the NT service control manager. Except on Windows, that's all it does. It controls services. It starts and stops them. And manages dependencies. And that's it. It doesn't take over the fucking world and try to control everything in the OS. I think this is where systemd lost its way. It's a sad day when we look to Windows as the example of "does one thing and does it well" and not the whole fucking kitchen sink.
If you want to publish fan-fic about how “the left” victimize software developers, there are more appropriate places, like dedicated fan-fic sites for all tastes, however bizarre.
Considering Poettering's track record writing shoddy software I can't say I'm surprised. After all it's been quite clear for a long time that he has all the qualities someone writing code like that shouldn't have, like being arrogant, ignorant, careless and cavalier and none of the ones you'd want to see.
What I'd really want to know though is; Who the hell, considering his track record with PA et al, thought it was a good idea to let him loose on system critical components? But maybe the more pertinent question is, why is anyone going anywhere near it? I know, "because Red Hat", but that doesn't explain why there apparently isn't anyone there with a working brain. Is it really that important to become "not Linux/UNIX" so you can sell training courses, support, certifications etc? Depressing.
I think we're going to see a lot more critical bugs in the lennartware parts of the system, and if I were a black hat that's where I'd start looking.
This is old news, why don't you publish that story how "Principal systemd developer refuses to acknowledge serious security vulnerability where processes that request to be run as unprivileged user, run as root because Lennyboi does NOT like them start with zeroes! And POSIX be damned, Lenny knows better!"
the fuck are you talking about? what does politics have to do with shitty software development?
Anons need not reply. Questions end with a question mark.
"centralized place to optimize startup, management and interconnectivity of all kinds of services."
Sorry, that's not how it's done in Unix. We don't want a huge monolithic application as init since that brings a huge attack surface to the most important process in the OS, not to mention a bug in a service that doesn't belong there potentially bringing down the entire system.
The summary misleadingly opens with "systemd, the init system", whereas what we're talking about is "systemd-resolved, a part of the SystemD project" (or some such -- I'm a bit vague about the capitalisation TBH).
Anyway, the point is that this bug is not in the init code.
On Debian, we don't even execute this code by default.
So, if you see red and start screaming whenever you see the sequence of characters: s y s t e m d then I'm sorry if you're still reading this, but perhaps you should consider calming down long enough to notice that systemd is both the name of the init program, and the project that also includes a lot of other bits and pieces that are not even needed quite often, and can generally be run without having systemd running as init.
Debian: GNU/Linux done the Linux way
This is why you shouldn't use Windows when... OH WAIT.
Remote exploits in critical system services? I expect nothing less from the PulseAudio creator.
If you're not familiar with smoke and mirrors from the SystemD PR king, then perhaps these inherent flaws in his projects come as a surprise to you. But for years a handful of people tried to put the brakes on Poettering and his cronies from hijacking Linux and turning it into his egotistical vision of desktop Unix.
We have failed.
That's a Reductio ad absurdum argument. Linux Kernel is a minimum block of code to perform a function, maintained by a large block of people, systemd should be the same.
Even though systemd is built as a pile of horseshit to make Linux more like Windows for system builders (not maintainers), this is an issue which any program could have. If some fixing of this causes more bugs elsewhere in systemd to be created as a consequence of fixing this one, THEN that is a good reason to tar and feather poettering, because the design itself is creating bugs that could have been avoided if the system had been designed without monolithic integration. That said, if finding or fixing this bug was made harder because of the deliberately obscurant and monolithic design of the system, that would institute another reason for getting out the feathers and adhesive.
Anyone like to list some OS that can help avoid all this?
Domestic spying is now "Benign Information Gathering"
Red Hat, due to their US centric model and their use as "de facto Linux for business", they get a shit ton of cash and they therefore have a large number of people working for pay on Linux.
This is a great thing.
What is not great is that RH write what RH desire most to have. What makes that unacceptable and the problem here is that RH can move the entire ecosystem with their power. This is, in effect, the same thing as Microsoft, with RH being Microsoft and Linux being "Desktop Operating Systems". Like MS, there is no actual reason why any one decision is bad, and there are some good ideas, but the problem is that the good ideas aren't all the ideas and the bad ideas do not get challenged because nobody can afford the time and effort to keep changing them or proving the badness of the idea.
What makes it bad for Linux is that this idea of systemd is how RH can make distributions easier to make and proper running of the system is not something RH care about. Both for the reasons of your system is looked after by you, so why optimise it? And also that if you are a business, the more work needed, especially if they are in a special position to be able to do it, the more revenue they get from the OS.
Remote exploitable bugs in core-Linux are incredibly rare. The systemd team is really going where nobody else has gone before. That is not a good thing at all, of course, because if you do this, you need to have excellent skills, which the systemd team most decidedly does not have. Fortunately, none of my machines or those of my employer needs to be patched, because we have banned systemd early on due to the massive KISS violation it represents. Nobody here is surprised by this bug.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The design of systemd is that they all adhere together. Claiming this is somehow not systemd is only slightly less silly than claiming it's not systemd because it's in one of the source files not called "systemd.c".
This was no accident. This was NSA/CIA work. Plain and simple.
This must be fake. No code could be as complex in an init system as to hide a bug like this for several years...
The second 'bug' mentioned is far more crazy. The unit file mentions a user that doesn't exist (well, in tfa it is wrongly parsed, even worse), so the default action is to continue as root (instead of supplied user). And this is a good idea because... ??
Why can't this unit action just fail? Wouldn't that be far far better than just deciding to use root, this might cause all kinds of problems. I wonder which other nice surprises and default fall-back action are encoded.
On a long enough timeline, the survival rate for everyone drops to zero.
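Added example (not part of the thread and not systemd's code): a fail-closed way to turn a unit's user setting into a run-as identity, where an absent setting and an unusable one are different outcomes and only the first may use the default. The names `decide_identity` and `may_start`, the 32-character limit and the character policy are assumptions made for this sketch; the sample name `8i` is the one used elsewhere in this thread and is assumed not to exist as an account on the machine running it.

```c
/* Added illustration: resolve a configured run-as user and refuse to start
 * on any failure. Hypothetical names; not systemd's implementation. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define EXAMPLE_NAME_MAX 32  /* length limit chosen for this example */

enum decision {
    RUN_AS_DEFAULT = 0,       /* no user configured: default identity */
    RUN_AS_USER = 1,          /* configured user resolved successfully */
    REFUSE_INVALID_NAME = 2,  /* configured value is not a usable name */
    REFUSE_UNKNOWN_USER = 3   /* name is well-formed but has no account */
};

struct identity { uid_t uid; gid_t gid; };

/* Minimal sanity policy (an assumption of this example): non-empty, bounded,
 * no whitespace, control characters, ':' or '/'. Leading digits are left to
 * the account database to accept or reject. */
static int name_is_sane(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > EXAMPLE_NAME_MAX) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c <= 0x20 || c == 0x7f || c == ':' || c == '/') return 0;
    }
    return 1;
}

/* user_directive is NULL when the unit sets no user at all. */
enum decision decide_identity(const char *user_directive, struct identity *id)
{
    if (user_directive == NULL) {
        /* Directive absent: default identity (root for a system service). */
        id->uid = 0;
        id->gid = 0;
        return RUN_AS_DEFAULT;
    }
    /* A user was requested. Nothing below this line may hand back uid 0
     * as a fallback; failures leave an unusable identity and a refusal. */
    id->uid = (uid_t)-1;
    id->gid = (gid_t)-1;
    if (!name_is_sane(user_directive)) return REFUSE_INVALID_NAME;
    struct passwd *pw = getpwnam(user_directive);
    if (pw == NULL) return REFUSE_UNKNOWN_USER;  /* not found or lookup error */
    id->uid = pw->pw_uid;
    id->gid = pw->pw_gid;
    return RUN_AS_USER;
}

/* The caller starts the service only for these two outcomes. */
int may_start(enum decision d)
{
    return d == RUN_AS_DEFAULT || d == RUN_AS_USER;
}

/* Convenience wrapper for checks that only need the decision. */
int decide_only(const char *user_directive)
{
    struct identity id;
    return (int)decide_identity(user_directive, &id);
}

int main(void)
{
    /* Constructed sample directives, NULL meaning "not set". */
    const char *samples[] = { NULL, "8i", "", "bad:name" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum decision d = (enum decision)decide_only(samples[i]);
        printf("%-10s -> decision %d, start=%d\n",
               samples[i] ? samples[i] : "(unset)", (int)d, may_start(d));
    }
    return 0;
}
```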
>> Perhaps we need to get rid of Linux kernel as well.
Nooo, that's a bit over the top.
We only need to integrate the Linux kernel into Systemd.
aaaaaaa
Guys, this is just part of using a modern operating system. You're just going to have to get used to getting your system pwned.
Seven puppies were harmed during the making of this post.
- "Uh? There has been another issue with systemd? Really?"
- "Yeah, but anyway, never mind, we have better things to do."
- "Okay."
Slackware: no systemd, sane defaults, no weirdo patches.
Yeah, it works.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Quotes, with minor modifications to make comments more readable, and some text in bold:
... That means a big boon in control for Red Hat.
"Systemd is a poor idea, poorly implemented, in a project that's poorly managed."
"... sure is wilfully, deliberately, and very gratuitously, incompatible with everyone else.
"I doubt Poettering himself understands his role in this, seeing his grasp of architecture, code quality, and so on, so that makes him a 'useful idiot'. He sure does have the personality to pull it off, though. Incompetent arrogance does go a long way, with the right backing."
Systemd, and the poor way it has been presented, had been damaging to Red Hat's reputation ("Dead Hat"). Why did Red Hat management allow that? Is it because Red Hat makes money providing consulting services, and wants Linux configuration to be difficult so that the company will make more money?
no biggy. after all this dns-lookup daemon is creating ports beyond 1024 and since it has to touch a rather big portion of the internet it obviously is running as a very least privileged user, right?
Initially, I was not bothered by systemd, an alternate init system.
Fast forward to today. I begin to see the "mission creep" it has. My primary concern in even using GNU/Linux is for security and I am aware that the NSA approached Linus to put back doors into the Linux kernel. Now I think systemd is the perfect choice of the NSA to totally compromise our systems. It is stupid, dangerous and unwanted!
At this point, with the herd group think drinking the cool-aid, I think BSD is where I need to go. I am dismayed that most of the distros are GNU/Linux but never give GNU any credit for anything. They don't even mention GNU. Maybe we should call this systemd/Linux windows-like OS.
BSD now!
The last time I criticized systemd I was accused of being intellectually dishonest.
I'm not sure how being a Linux developer and sysadmin both in my personal life and as a paid employee since 1994 could possibly allow me to be intellectually dishonest about any subject having to do with Linux. Dishonesty about Linux could not possibly benefit me in any way.
What I said is that systemd started out being very buggy. Admittedly, to paraphrase Linus Torvalds, they shook most of the bugs out and it works okay most of the time.
Except that systemd changed the way everything has worked for decades, and not for the better.
I could go into specific examples, but suffice it to say that virtually everything that systemd has taken over, it is doing that job poorly. Seeing why services didn't work and making them work has gone from a 5 minute job to something that can take hours. Troubleshooting system problems by looking at logs has become arduous in some cases compared to looking at /var/log/messages or typing dmesg and having your answer in 2 minutes.
systemd needs to slim down and focus on what it does well, initializing weird devices. systemd has no business monkeying around with DNS, and that is just the beginning of the list of things it needs to take a step back from.
Call me intellectually dishonest, but I've been working with Linux for 23 years now (I installed Slackware 2.0 in July of 1994 from a stack of floppy disks) and I haven't failed to learn a thing or two along the way.
All this negative information about Linux is totally going to kill it as the desktop choice for a majority of users. There goes 2017 as a year of the Linux desktop.
Sent from my TARDIS
Which consist of making Linux more and more similar to Windows, including the presence of serious bugs for years.
On a more serious note... trolls like MikeeUSA have done more for systemd adoption than they realize: no sane systemd opponent dared to argue too strongly for fear of being associated with *that* repugnant crap. I know from personal experience, mind you.
Why does it matter how long the remote code executed for? It's just as dangerous to allow remote code to run once as it is to allow it to run for two years.
At this point it's worth asking who controls Linux, the community built out of tens of thousands of projects that come together, or a few corporate entities?
For a while now, the corps. Whoever is paying the salaries of developers is in control. Look at the concept of budgeting. It's not necessarily about how to wisely spend money, it's also about control. Control by determining how much in the way of resources get allocated to some idea. To prioritize ideas. To ensure that work is following the plan developed by senior management, not some plan developed by a consensus of engineers.
Didn't some analysis of commits a while back show most Linux development is corporate funded? Thus corps are in control.
It is in SystemD, an expanded init system. Written by SystemD developers. Pretending that it's not a SystemD problem because it's a different subsystem to the main thread is somewhat misleading IMHO so please don't insult the intelligence of readers.
If you are going to have a sig like yours you should probably try to live up to the standards of what you advocate.
It's things like this that remind us that Lennart is even now still a newbie who thinks in terms of MS Windows. The tool that could create such a username is any text editor, which is something nearly every sysadmin and nearly any long term user of *nix could have told him.
Tarring and feathering would indeed be good -- especially that Lennart as usual insta-closes an obvious and nasty security bug[1] as "non-bug". And when presented with standards documents, he says they don't apply to him [github.com]. Seriously, can someone buy this guy an "Unix for dummies" book? While we don't exactly suffer from a dearth of kooks, this particular kook enjoys having his employer promote his masterpieces even when totally inadequate. The world would be so much better without systemd, PulseAudio and avahi.
Actually nevermind, here's root access.
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
Remind me again, how many remote code execution bugs were in sysvinit? I can't remember.
In a bloated, poorly written piece of software like systemd? You don't say!
https://devuan.org/
Why did Red Hat management allow that? Is it because Red Hat makes money providing consulting services, and wants Linux configuration to be difficult so that the company will make more money?
By George, I think he's got it!
Funny enough, a lot. Though it's not a matter of left or right, liberal or conservative. No such petty things. This is about corporations and control of the OSS market.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Not affected here, thanks Team Devuan. Maintaining a complete GNU/Linux distro that is not reliant on systemd is extremely responsible and valuable.
Twinstiq, game news
You must be new here. The Doctrine of the Useful Idiot is referenced these days almost hourly. Hence, you must be really new here.
In this case the "useful idiot" is the trusted repository administrator, who permits a package to be hosted from upstream because it doesn't look suspicious in any way (unless the obscure rule about user accounts with leading digits is top of mind—as if every project doesn't have at least one wonky anomaly, most of which, if pursued, turn out to accord with "who knew?"—and Poettering-appropriate paranoia level is set to deep fat fry).
The trusting user will run the package installer from the trusted repository using "sudo". There's your TRANSITORY, apparently harmless root. No weird system calls. No overt fingerprint of escalation. Mission accomplished. Tick, tick, tick ...
Under Poettering, the principle of least surprise is obeyed by allowing any departure from convention, no matter how thinly understood on the ground where it matters, to lead to an unchecked root escalation.
This was not your father's principle of least surprise.
The long cascade of trusted upstream is become our new Leviathan. Can one even finish a review of inbound patches any more before the next batch arrives?
Software security engineers, eat your heart out. The veritable mascots of unfinishable business sit there drinking tea, while we double down on making things worse.
For the record, Trump is also making a good case for himself as the President of Least Surprise.
This, too, was not your father's least surprise.
A security vulnerability in something that runs as PID 1? And the systemd people go "oh, this isn't THAT terrible!"
PID 1 needs to be stable and secure. If I can crash it or tell it to perform arbitrary code as root, that's not ok. No matter what excuses the systemd people come up with, it is not acceptable. They did not fix their bug.
Here's the principle with security bugs: for the time period that it was present, you can assume there's an exploit which uses it in the wild. That is why PID 1 needs to be small and simple. Systemd is neither, so it fails at my requirement for PID 1.
Nope, don't waste perfectly good tar and feathers.
Just switch to OpenBSD already.
But guys, Linux is open source and therefore anyone can see where all the bugs are before the bad guys do.
Sane Linux users have been migrating to distros which don't include systemd for the past 3-5 years.
Personally, none of my systems run systemd anymore (the only one that ever did was an Ubuntu distro because launchpad is good for testing unusual apps that other distros don't have in their repos and that are too hard to build on gentoo/arch), although there are a few in the house running off legacy distros that still do.
No, it's only ALMOST ALL Linuxes.
Why did everyone decide they HAD to follow Red Hat's lead with systemd? This shows Linux is vulnerable to monopoly issues like the other operating systems.
Because systemd is now a hard dependency of the Gnome desktop, which a lot of distros want to ship.
Yes, and as the Gentoo spinoff Funtoo (forked by Gentoo's original author) shows, this "hard dependency" is bullshit. They maintain a patch that removes the dependency, allowing Gnome (for those masochistic enough to want to use it) to work just fine on a non-systemd distro.[1]
[1]Funtoo, like default Gentoo, uses openrc instead.
This is a serious question. Yes I know there's init, but systemd must have something going for it, otherwise it wouldn't be the default of just about all distros on the planet. ... Faster boot times come to mind.
So, is there an alternative to systemd since everybody seems to be bickering about it? What about a Linux that boots in under 10 seconds? If systemd is so shitty, what's holding people back from developing a system that is better and faster?
Thanks for any input on this.
We suffer more in our imagination than in reality. - Seneca
the tool creating the user
Ok, consider this :
1. [root@localhost ~]# adduser ii
2. [root@localhost ~]# sed -i 's/ii/8i/g' /etc/passwd
3. [root@localhost ~]# su 8i
So "sed" is the tool "creating" the user, at least it (re)defines the user name. It could have been some text editor, or "echo", or someone could mount the filesystem with /etc/passwd file in some other operating system and edited in a million ways imaginable.
Do you propose sed and all software directly or indirectly used for text editing under any operating system "validate" user names ? How about direct access to storage device with a magnet or firmware interface to storage device ?
Bingo Dictionary - Pragmatist, n. A myopic idealist.
"The APK posts are largely legit (except those of us teasing him.) " - by squiggleslash ( 241428 ) on Tuesday January 10, 2012 @08:15AM (#38649488)
Too bad you gave yourself away admitting you either impersonate me bogusly or harass/stalk me by a quote of your own words: Grow up.
* Unbelievable...
(Guess you're still butthurt I shot you to pieces on PING of DEATH here https://slashdot.org/comments.pl?sid=2610052&cid=38754490/ )
APK
P.S.=> Nice to see one of your sockpuppet SELF-UPMODDED posts exposing you this way... apk
Please give us back Ian Murdock.
In exchange we will give you Lennart Poettering.
Thanks in advance. Amen.
It is pitch black. You are likely to be eaten by a grue.
Hoo Boy ...
I can see it now ... systemd.adduser is coming right up because All'Y'All are stupid -- everyone knows UserNames do not begin with Digits !
-- kjh
Is changing something that is not broken, just so that you can experience the old bugs anew again.
What incompetent moron wrote it and what fools incorporated it into ANY other software?
[I know, I could look it up, but I have better things to do and a little time on Slashdot is better than time wasted googling while making a larger point]
There is simply NO EXCUSE for ANY post-1980 software EVER having a "bug" that allows ANY buffer overrun. It is an act of gross coding negligence to not check bounds, to load more data than the size of a buffer, etc. Anybody caught doing it should immediately lose all academic credentials and be excluded from any serious projects going forward until he/she/it earns a new 4-year degree and makes a big public grovelling apology, preferably accompanied by tears and the old self-administered back-whipping routine some old-school monks used to do - it's really THAT BAD of a coding sin.
Writing code that allows a buffer overrun is a firing offense level of incompetence, right up there with a surgeon sexually molesting a patient on the table and then leaving a dozen tools and sponges inside the patient while closing the incision before discovering he has amputated the wrong limb.
This is a prime example of why systemd is the annoyance it is, new code is never bug free.
I prefer the older init systems that at least have modular designs and tend to be less buggy.
Lady Galadriel
Linux has no flaws this is just Micro$oft propaganda. nice try steve jobs go use you buggy office in your android shit
https://access.redhat.com/secu...
It is interesting to me that this issue did not affect the version of systemd as shipped with RHEL 7. Does this not seem rather suspicious?
Seriously, anyone tries to discredit systemd needs to state very clearly:
a) technical reasons why systemd design is bad (e.g there is no design at all, etc)
b) technical reasons why systemd implementation is bad (why running everything from PID 1 is bad, etc)
c) non-technical reasons why systemd is bad (e.g. the guys behind it are a**s, etc)
d) non-technical reasons why systemd is bad *for the normal user*
e) and if we do avoid systemd, what would be the implications (e.g. no GNOME for you, etc)
SystemD is NSA's wet dream coming true.
So, how does it behave if we put a Null in a username. A good way to break most C grade programs. (Sure, not supposed to be allowed, but if an upstream process has a bug that lets it through, the world should not collapse.)
"I don't actually have any particularly strong opinions on systemd itself. I've had issues with some of the core developers that I think are much too cavalier about bugs and compatibility, and I think some of the design details are insane (I dislike the binary logs, for example), but those are details, not big issues."
Sums it up, Poettering is trash.
no wonder his system sucks dick, he is always chasing that horse faced blonde with running back like shoulders
Wow. You have to be trolling or you're LP. This whole entire conversation has covered all of your questions.
This dumpster fire gets bigger (and stinkier) every time I go past it. Someone put it out before it immolates the entire kernel.
Manjaro-OpenRC works well and I've heard good things about Calculate Linux, neither of which use systemd by default. Void (musl version) worked well on a sacrificial netbook until an update did something dreadful to it, rendering it non-booting. Manjaro-OpenRC worked great until the cat kicked the machine off the table and nerfed the display. C'est la vie.
The more things change, the more difficult they are to change back.
Especially managers - once you finally get the PHB to make a necessary change, they go ahead and implement it without consultation because it wasn't their idea in the first place and the PHB just HATES implicitly acknowledging the underling's technical superiority.
Then when the shit is installed, without documentation, without communication, without analysis, without confirmation, without testing, without any kind of robust process, the underling says: "that's not quite what I meant, and it's actually worse now", the PHB throws a shit fit at you and says that this is how it's going to stay now that we've gone to all the trouble of making the changes YOU asked for, and you simply don't understand that we implemented is actually right, you're only an underling and so SHUT UP AND GET WITH THE PROGRAM, SCUM !!!
I know I will get hate for this, but I stopped using Linux when systemd was forcibly and mysteriously rammed down almost everyone's throat. I've always known that systemd is to Linux what UEFI is to the PC itself; an abstraction layer allowing control for the intelligence community.
Call me a troll, scream at me as much as you like; but if as a Linux user, you support systemd, you are a traitor. It is extremely simple.
Let's make a petition for Linus to ask him to write a small init. What would be better than correct integration of kernel and init.
this is clearly grounds for RH to completely re-evaluate their love affair with an obviously gifted coder, who shows he has no business being on the mgmt end of anything.
it's cut and dry, this is malicious behavior - enforced by the arrogance of the maintainer, LP
this is EXACTLY WHY OLD TIME *nix users have been screaming about systemd the whole time
WE ALL AGREE sysv init has problems, some big ones even, but systemd offers another set of problems, most of which could be avoided by having a sane, older & more experienced group steer the systemd project.
I'm really glad this has happened in a way, LP has been able to arrogance talk his way out of so much bs in the past, but not on this one.
Even a basic 5 minute discussion with senior mgmt at companies that use RedHat linux servers explaining this issue will result in a phone call to RH mgmt demanding some oversight/reshuffling/sanity be implemented
most *nix flavors have bought into systemd hook, line and sinker
(the notable exception, gentoo, got to the heart of the matter quite a long while back if you check some historical posts)... the rest of the world is finally getting up to speed :)
now modern *nix people may realize systemd haters are NOT just tin-foil hat old farts who want no progress
these arguments have been going back and forth too much, too often, and its total bs
* allowing a gifted coder the reins to the whole wagon is a wreck waiting to happen