'Severe' Systemd Bug Allowed Remote Code Execution For Two Years (itwire.com)
ITWire reports:
A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," is how Coulson put it.
Affected Linux vendors have pushed out patches -- but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.
Affected Linux vendors have pushed out patches -- but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.
systemd haters caused this bug by distracting systemd developers with their hate and bigotry. If you don't use systemd, you're a racist and you should be ashamed of yourself for causing this bug.
Are you a paid 'Red Hat Community Manager'?
Because you stick like shit to all the most poignant criticisms on here about systemd.
"You're doing a hell of a job, Brownie."
They just don't fit that idealized framework.
So each system service affected was rewritten to fit that framework. For some, the rewrite was done well. For others (systemd-resolved), not so well. And it will be expected that all future tools will be written using this framework and its support libraries, locking everyone in to the systemd way of doing things. So now your tool will not be easily portable to a different *NIX (FreeBSD, OS X, etc.).
And all the old tools? The ones that were written with startup shell scripts? Where the developers say, "Screw it. We're not rewriting our app to depend on systemd libs. Just write a unit file to launch our shell script." Do you want to see a systemd fanboy have a hissy fit and wet his pants? Just hint that you'll still be using a startup script on his precious gaming machine. In the final analysis, it doesn't really matter that much, since the important tools and apps probably will never be installed on gamers systems anyway. So Linux distros will fork. Systems for serious work. And systemd systems so autists won't have to wait a couple of extra seconds when they start their laptops.
Have gnu, will travel.