Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Bug Open Source Operating Systems IT Linux

'Severe' Systemd Bug Allowed Remote Code Execution For Two Years (itwire.com) 551

ITWire reports: A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," is how Coulson put it.
Affected Linux vendors have pushed out patches -- but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.
This discussion has been archived. No new comments can be posted.

'Severe' Systemd Bug Allowed Remote Code Execution For Two Years

Comments Filter:
  • by chthon ( 580889 ) on Monday July 03, 2017 @02:41AM (#54733215) Journal

    Anyone?

    • by Anonymous Coward on Monday July 03, 2017 @02:52AM (#54733231)

      Besides the author who suggests with the title that the bug resides in systemd itself rather than a project included under the systemd umbrella that's disabled by default on most distributions?

      • by Anonymous Coward on Monday July 03, 2017 @04:53AM (#54733497)

        The design of systemd is that they all adhere together. Claiming this is somehow not systemd is only slightly less silly than claiming it's not systemd because it's in one of the source files not called "systemd.c".

    • Re: (Score:3, Interesting)

      by KiloByte ( 825081 )

      Tarring and feathering would indeed be good -- especially that Lennart as usual insta-closes an obvious and nasty security bug[1] as "non-bug". And when presented with standards documents, he says they don't apply to him [github.com]. Seriously, can someone buy this guy an "Unix for dummies" book?

      While we don't exactly suffer from a dearth of kooks, this particular kook enjoys having his employer promote his masterpieces even when totally inadequate. The world would be so much better without systemd, PulseAudio and a

      • by lucm ( 889690 ) on Monday July 03, 2017 @08:28AM (#54734345)

        Followed your link, and interestingly:

        poettering locked and limited conversation to collaborators 23 hours ago

        He's a real team player

      • by GeekWithAKnife ( 2717871 ) on Monday July 03, 2017 @09:09AM (#54734605)

        Tarring and feathering would indeed be good -- especially that Lennart as usual insta-closes an obvious and nasty security bug[1] as "non-bug". And when presented with standards documents, he says they don't apply to him [github.com]. Seriously, can someone buy this guy an "Unix for dummies" book? While we don't exactly suffer from a dearth of kooks, this particular kook enjoys having his employer promote his masterpieces even when totally inadequate. The world would be so much better without systemd, PulseAudio and avahi.

        Actually nevermind, here's root access.

    • by The123king ( 2395060 ) on Monday July 03, 2017 @04:22AM (#54733417)
      I can't see how a tape archive could possibly help.
      • But feather probably would Considering how ancient the most recent version of Feather Linux [wikipedia.org] is, chances are good that this might actually not use systemd.

    • by godrik ( 1287354 )

      tar and feathers?

      $ man feathers
      No manual entry for feathers

      mmm...

  • by SharpFang ( 651121 ) on Monday July 03, 2017 @02:46AM (#54733221) Homepage Journal

    That's a problem with Systemd. It's a pretty decent idea with a sub-par execution and a crappy way of dealing with an inherent problem.

    Idea: centralized place to optimize startup, management and interconnectivity of all kinds of services.

    Problem: some services in their standard form don't quite fit that model.

    Solution: let's rewrite them and include as parts of systemd.

    The crap part: while the originals were made by experts in that field, the replacements are made by a group of wannabe experts on everything ever, some with overinflated ego. This results in seriously inferior code replacing old 'tried and true' solutions.

    At this point, the only real solution I can see is making a fork of systemd, banning the current systemd creators from participating in it, and trimming it to size. If a service doesn't quite fit systemd, work on systemd until it fits, don't rewrite it!

    • by dwywit ( 1109409 ) on Monday July 03, 2017 @02:53AM (#54733233)

      "a fork of systemd, banning the current systemd creators from participating in it, and trimming it to size. If a service doesn't quite fit systemd, work on systemd until it fits, don't rewrite it!"

      That's not a bad idea - meanwhile, Poettering's response (presumably): "Systemd is working as expected. This is a flaw in {bind/whatever}. Bug closed."

    • Re: (Score:3, Informative)

      If a service doesn't quite fit systemd, work on systemd until it fits, don't rewrite it!

      Part of the appeal of the systemd is that it minimises the idiosyncrasies of all the different tools. You don't have to rewrite the services, but fitting them to systemd is reasonable. For example, udev was not rewritten, just integrated.

      originals were made by experts in that field

      Whatever made you say that? There are no mandatory security audit, secure coding practices, mandatory code reviews, qualification certificates or anything like that in free software. Some of it is even insecure by design (I'm looking at you, X.org). systemd will get rid of

      • by Viol8 ( 599362 ) on Monday July 03, 2017 @03:48AM (#54733357) Homepage

        "Some of it is even insecure by design "

        So because all software has bugs we should just say: "Meh, who cares if systemd is bloated, has monumental feature creep, an author with a serious ego problem who doesn't like fixing them and it replaced an init which, while a bit crusty did what it said on the tin, because, well, systemd." Right?

        Wrong. Systemd, is a poor idea, poorly implemented in a project thats poorly managed. Quite why redhat are in thrall to the arrogant little twerp in charge is anyones guess.

        • Re: (Score:2, Troll)

          I am not saying that systemd is flawless, but the OP made a point that other software is well designed and well written. Which is not true. I would suggest reading The Unix-Haters handbook.
        • by Anonymous Coward on Monday July 03, 2017 @04:58AM (#54733511)

          Systemd, is a poor idea, poorly implemented in a project thats poorly managed.

          Yup.

          Quite why redhat are in thrall to the arrogant little twerp in charge is anyones guess.

          I don't know how he got a foot in the door, so all I have is my long-distance high-level. The short and sweet is "politics", and he's red hat's useful idiot in their war with oracle.

          red hat tried to tighten up their business model by splitting red hat-the-distro into fedora and RHEL. The centos guys forced red hat to release RHEL anyway because GPL. oracle then copied the whole thing verbatim, minus the branding, and called it "unbreakable linux". This allowed them to piggyback on red hat's hard work including their knowledge base. Which is why red hat put that thing behind a paywall. So oracle is doing their level best to eat red hat's lunch and using red hat's own work to do it.

          So, what can red hat still do? Well, they can become more proprietary, which is where systemd comes in. No, it's not closed source, but it sure is wilfully, deliberately, and very gratuitously, incompatible with everyone else. So if a big enough party like red hat pushes it into the market, then the rest (*cough* debian *cough*) feels they have to follow suit. That means a big boon in control for red hat. And that's what it ultimately is about.

          Of course, you have to have some sort of story of benefit for people to go along with the gambit. But for many the sort of fine-grained control you lose by going systemd wasn't that important anyway, for the good and simple reason that throwing more virtualisation and more hardware at it seems faster and so more cost effective. It's the same sort of reason why virtualisation and massive hardware is so popular in the windows world. The big gain for red hat sure isn't technical, it's political. You can see this in the fact that many rebuttals to technical complaints about systemd are entirely non-technical. Any time a technical argument ends up full of bullshit and personal attacks it really isn't about the technical merits any more.

          I doubt poettering himself understands his role in this, seeing his grasp of architecture, code quality, and so on, so that makes him a "useful idiot". He sure does have the personality to pull it off, though. Incompetent arrogance does go a long way, with the right backing.

          And, of course, once they get off the ground, bad ideas are hard to kill.

          • by Futurepower(R) ( 558542 ) on Monday July 03, 2017 @06:46AM (#54733827) Homepage
            Quotes, with minor modifications to make comments more readable, and some text in bold:

            "Systemd is a poor idea, poorly implemented, in a project that's poorly managed."

            "... sure is wilfully, deliberately, and very gratuitously, incompatible with everyone else. ... That means a big boon in control for Red Hat.

            "I doubt Poettering himself understands his role in this, seeing his grasp of architecture, code quality, and so on, so that makes him a 'useful idiot'. He sure does have the personality to pull it off, though. Incompetent arrogance does go a long way, with the right backing."

            Systemd, and the poor way it has been presented, had been damaging to Red Hat's reputation ("Dead Hat"). Why did Red Hat management allow that? Is it because Red Hat makes money providing consulting services, and wants Linux configuration to be difficult so that the company will make more money?
    • The crappy part is the centralized place to optimize startup.

    • by Anonymous Coward on Monday July 03, 2017 @03:14AM (#54733273)

      When I first read about systemd I thought it was a knock off of the NT service control manager [microsoft.com]. Except on Windows, that's all it does. It controls services. It starts and stops them. And manages dependencies. And that's it. It doesn't take over the fucking world and try to control everything in the OS. I think this is where systemd lost its way. It's a sad day when we look to Windows as the example of "does one thing and does it well" and not the whole fucking kitchen sink.

      • by SharpFang ( 651121 ) on Monday July 03, 2017 @04:54AM (#54733501) Homepage Journal

        Systemd's extra promise was *optimization* of startup.

        It was meant to be achieved through creation and binding of sockets: Service X must wait for service Y to start and create a start up, because X needs to bind to a socket Y creates. It won't be using that socket in a while yet, but it can't initialize without that socket present.
        What systemd does is create that socket so that Service X can bind to it right away, and proceed with startup, and once Y arrives at the point of creation of the socket, it's bound to the socket Systemd created. There, instead of sequence of complete startups of services, which is lengthy, you have only sequence of socket binding, which is fast, and parallel startup, which is fast too.

        This is a neat idea which breaks upon meeting the reality.

        Because not everything uses sockets. Not everything can start up with the socket merely present, some need it for real right away. Not everything is structured the way systemd envisioned it; some applications aren't just monolithic executables, but e.g. lengthy shell scripts repeating hundreds of calls to a given executable with different parameters (e.g. iptables). They just don't fit that idealized framework.

        And so, the framework does what a framework with overinflated ego author does. Including the crap part.

    • by Gravis Zero ( 934156 ) on Monday July 03, 2017 @03:32AM (#54733317)

      At this point, the only real solution I can see is making a fork of systemd, banning the current systemd creators from participating in it, and trimming it to size.

      There are problems with that idea:

      * Red Hat is backing Systemd and this is the only thing Lennart seems to work on. You'll be in the quagmire of always trying to catch up on new shitty features and broken compatibility.
      * Systemd was 250K+ LoC last I checked
      * Systemd's source code is poorly documented at best.
      * Systemd has a overly clever design that makes it difficult to grok.

      I'm not saying that Systemd shouldn't be replaced, I'm saying that you need to discard the original.

      • So the product is open source but not open spec.

        • by Anonymous Coward on Monday July 03, 2017 @05:42AM (#54733623)

          It's worse than that. The community didn't have any say in it, it just got rammed down everyones throats; its revealed that linux has started to follow the cathedral model as vendors like Redhat gain more and more exclusive control over it. At this point its worth asking who controls linux, the community built out of tends of thousands of projects that come together, or a few corporate entities?

          • At this point its worth asking who controls linux, the community built out of tends of thousands of projects that come together, or a few corporate entities?

            For a while now, the corps. Whoever is paying the salaries of developers is in control. Look at the concept of budgeting. Its not necessarily about how to wisely spend money, its also about control. Control by determining how much in the way of resources get allocated to some idea. To prioritize idea. To ensure that work is following the plan developed by senior management, not some plan developed by a consensus of engineers.

            Didn't some analysis of commits a while back show most Linux development is corp

    • by Viol8 ( 599362 ) on Monday July 03, 2017 @03:42AM (#54733341) Homepage

      "centralized place to optimize startup, management and interconnectivity of all kinds of services."

      Sorry, thats not how its done in Unix. We don't want a huge monolithic application as init since that brings a huge attack surface to the most important process in the OS, not to mention a bug in a service that doesn't belong there potentially bringing down the entire system.

      • by Tranzistors ( 1180307 ) on Monday July 03, 2017 @03:51AM (#54733359)

        We don't want a huge monolithic application as init since that brings a huge attack surface to the most important process in the OS

        Perhaps we need to get rid of Linux kernel as well. But seriously, to reduce the attack surface, just disable unused services (the article even points out that Debian has systemd-resolved disabled by default). systemd is modular.

      • Where do you think this service lies? Do you think its running in PID1? It might be a good idea to find out where systemd_resolved runs in the system. No matter how many time people peddle the lie that "systemd is monolithic", it does not make it true. If you don't want a monolithic software on your system, you'd better remove the kernel and install Hurd.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      That's a problem with Systemd. It's a pretty decent idea with a sub-par execution and a crappy way of dealing with an inherent problem.

      If by "decent" you mean "spectacularly stupid, fantastically bad, terrible to depraved depths, will never work properly", then yes.

      The problems with basically anything written by poettering and crew start with them being... let's be polite here, not very good with this "software architecture" thingy. Their approaches to any problem they're setting out to solve, real or imagined, are baroque, juvenile, overly complex, brittle, prone to spectacular breakage, and so is their entire everything else.

      Yes, there a

  • Surprised? (Score:5, Insightful)

    by MrKaos ( 858439 ) on Monday July 03, 2017 @03:08AM (#54733253) Journal
    No.
  • Dupe (Score:5, Informative)

    by lobiusmoop ( 305328 ) on Monday July 03, 2017 @03:10AM (#54733259) Homepage

    Story from 5 days ago [slashdot.org]

  • by Gravis Zero ( 934156 ) on Monday July 03, 2017 @03:12AM (#54733269)

    We told you so.

  • Old News (Score:5, Interesting)

    by Anonymous Coward on Monday July 03, 2017 @03:36AM (#54733327)

    This is old news, why don't you publish that story how "Principal systemd developer refuses to acknowledge serious security vulnerability where processes that request to be run as unprivileged user, run as root because Lennyboi does NOT like them start with zeroes! And POSIX be damned, Lenny knows better!"

    • by AmiMoJo ( 196126 )

      Okay, let's look at this bug.

      It requires existing root access in order to create a new user. So if someone exploits it, you are already fucked.

      You say it goes against POSIX. This is true, but so does Linux. So do some of the GNU tools. Somehow that's okay, because strcmp("systemd", "linux") returns a non-zero value in your mind.

      What is your argument that it shouldn't be fixed in the various user account management tools rather than in systemd?

      • It requires existing root access in order to create a new user. So if someone exploits it, you are already fucked.

        Not really. A really obvious way to exploit this: say someone manages to compromise the repository of a project that has a decent chance of being run by a "0day" user (apparently fairly common in some circles.) They add some code that opens a backdoor if the tool is run as root. A user downloads this software, installs it as the "0day" user, and then installs a completely innocuous unit file to start the tool as that user. At this point, the user would expect that damage would be limited to the user he

      • It requires existing root access in order to create a new user. So if someone exploits it, you are already fucked.

        You must be new here. The Doctrine of the Useful Idiot is referenced these days almost hourly. Hence, you must be really new here.

        In this case the "useful idiot" is the trusted repository administrator, who permits a package to be hosted from upstream because it doesn't look suspicious in any way (unless the obscure rule about user accounts with leading digits is top of mind—as if every

      • by sjames ( 1099 )

        I don't know about AC, but I can name a few reasons. First, systemd is the noob, it's up to it to fit in with existing systems which may already have user names it doesn't like. Or it should at least not create an accident waiting to happen (that is, at least fail clean).

        Second, any software should be liberal in what it accepts and strict in it's output. I suppose that's an argument that it be fixed in systemd AND the other utilities. Robust systems should deal in a reasonable way with illegal but not actu

  • by Phil Hands ( 2365 ) on Monday July 03, 2017 @03:46AM (#54733349) Homepage

    The summary misleadingly opens with "systemd, the init system", whereas what we're talking about is "systemd-resolved, a part of the SystemD project" (or some such -- I'm a bit vague about the capitalisation TBH).

    Anyway, the point is that this bug is not in the init code.

    On Debian, we don't even execute this code by default.

    So, if you see red and start screaming whenever you see the sequence of characters: s y s t e m d then I'm sorry if you're still reading this, but perhaps you should consider calming down long enough to notice that systemd is both the name of the init program, and the project that also includes a lot of other bits and pieces that are not even needed quite often, and can generally be run without having systemd running as init.

    • by Viol8 ( 599362 ) on Monday July 03, 2017 @03:54AM (#54733361) Homepage

      "that are not even needed quite often, and can generally be run without having systemd running as init."

      I don't think anyone is in any doubt that once systemd has the option to run a service most of the bleeting distro maintaining sheep use it. It won't be long before it becomes the default resolver on most of them.

    • You are not expecting the trolls to understand that, are you?
    • by KiloByte ( 825081 ) on Monday July 03, 2017 @04:17AM (#54733411)

      On Debian, we don't even execute this code by default.

      But Ubuntu does. And the other security hole mentioned in the article does apply to Debian.

      As for systemd being more than just an init: the problem lies in it replacing a large set of modular projects with an entangled blob. For example, vdev is an (experimental for now) replacement for udev that fixes a number of design problems, yet good luck using it on a systemd system.

      As for running systemd without it being init: systemd-shim is dead, and it was flaky to the point of uselessness even while it lived. You need to recompile the Utopia stack to enjoy basics we used to take for granted like being able to shutdown or suspend from a GUI.

      People have tried carving out pieces of systemd to use them separately, like uselessd, yet all such attempts I know of ended in failure because of systemd's blobbiness.

  • by Anonymous Coward

    Remote exploits in critical system services? I expect nothing less from the PulseAudio creator.

    If you're not familiar with smoke any mirrors from the SystemD PR king [0pointer.de], then perhaps these inherent flaws in his projects comes as a surprise to you. But for years a handful of people tried to put the brakes on Poettering and his cronies from hijacking Linux and turning it into his egotistical vision of desktop Unix.

    We have failed.

  • Anyone like to list some OS that are can help avoid all this?
  • Remote exploitable bugs in core-Linux are incredibly rare. The systemd team is really going where nobody else has gone before. That is not a good thing at all, of course, because if you do this, you need to have excellent skills, which the systemd team most decidedly does not have. Fortunately, none of my machines or those of my employer needs to be patched, because we have banned systemd early on due to the massive KISS violation it represents. Nobody here is surprised by this bug.

  • The second one (Score:5, Informative)

    by sad_ ( 7868 ) on Monday July 03, 2017 @06:02AM (#54733675) Homepage

    The second 'bug' mentioned is far more crazy. The unit file mentions a user that doesn't exist (well, in tfa it is wrongly parsed, even worse), so the default action is to continue as root (instead of supplied user). And this is a good idea because... ??

    Why can't this unit action just fail? Wouldn't that be far far better then just deciding to use root, this might cause all kinds of problems. I wonder which other nice surprises and default fall-back action are encoded.

  • by Noryungi ( 70322 ) on Monday July 03, 2017 @06:34AM (#54733785) Homepage Journal

    - "Uh? There has been another issue with systemd? Really?"
    - "Yeah, but anyway, never mind, we have better things to do."
    - "Okay."

    Slackware: no systemd, sane defaults, no weirdo patches.

    Yeah, it works.

  • by jgotts ( 2785 ) <jgotts@gmaCOLAil.com minus caffeine> on Monday July 03, 2017 @07:16AM (#54733979)

    The last time I criticized systemd I was accused of being intellectually dishonest.

    I'm not sure how being a Linux developer and sysadmin both in my personal life and as a paid employee since 1994 could possibly allow me to intellectually dishonest about any subject having to do with Linux. Dishonesty about Linux could not possibly benefit me in any way.

    What I said is that systemd started out being very buggy. Admittedly, to paraphrase Linus Torvalds, they shook most of the bugs out and it works okay most of the time.

    Except that systemd changed the way everything has worked for decades, and not for the better.

    I could go into specific examples, but suffice it to say that virtually everything that systemd has taken over, it is doing that job poorly. Seeing why services didn't work and making them work has gone from a 5 minute job to something that can take hours. Troubleshooting system problems by looking at logs has become arduous in some cases compared to looking at /var/log/messages or typing dmesg and having your answer in 2 minutes.

    systemd needs to slim down and focus on what it does well, initializing weird devices. systemd has no business monkeying around with DNS, and that is just the beginning of the list of things it needs to take a step back from.

    Call me intellectually dishonest, but I've been working with Linux for 23 years now (I installed Slackware 2.0 in July of 1994 from a stack of floppy disks) and I haven't failed to learn a thing or two along the way.

    • by Anonymous Coward on Monday July 03, 2017 @08:01AM (#54734223)

      I started with Unix in 1982.

      Systemd fails many of the basic Unix concepts. Small, interconnectable tools, text log files, human readable configurations.

      • by F.Ultra ( 1673484 ) on Monday July 03, 2017 @03:36PM (#54737651)
        How are the unit files not "human readable configurations", especially when compared with the old sysv init scripts?
        • How are the unit files not "human readable configurations", especially when compared with the old sysv init scripts?

          Because virtually all of the behavior was in the init scripts where you could read it, whereas most of systemd's behavior is in the various daemons, where you have to be able to understand the code to understand what it's going to do when you feed it a simple unit file.

          Of course, in order to understand what an init script does, you have to understand shell scripting; but shell scripting is a central feature of Unix which you should understand anyway as an admin, no matter what you are doing with it. Users a

  • This is a serious question. Yes I know there's init, but systemd must have something going for it, otherwise it wouldn't be the default of just about all distros on the planet. ... Faster boot times come to mind.

    So, is there an alternative to systemd since everybody seems to be bickering about it? What about a Linux that boots in under 10 seconds? If systemd is so shitty, what's holding people back from developing a system that is better and faster?

    Thanks for any input on this.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...