'Severe' Systemd Bug Allowed Remote Code Execution For Two Years (itwire.com) 59
ITWire reports: A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. "A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it," is how Coulson put it.
Affected Linux vendors have pushed out patches -- but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.
Tarring and feathering would indeed be good -- especially that Lennart as usual insta-closes an obvious and nasty security bug[1] as "non-bug". And when presented with standards documents, he says they don't apply to him [github.com]. Seriously, can someone buy this guy an "Unix for dummies" book?
While we don't exactly suffer from a dearth of kooks, this particular kook enjoys having his employer promote his masterpieces even when totally inadequate. The world would be so much better without systemd, PulseAudio and avahi.
[1]. "0day" is somehow a popular name for CI systems these days, and those often allow weakly-trusted or even completely untrusted submissions.
See, this is textbook example of systemd apologists having zero clue about the software they praise.
Is the INIT part of systemd and PROCESS MANAGEMENT "simply better"? Maybe, probably (with the exception of it ignoring invalid values instead of failing to start, like this 0day issue).
But how on gods goddamned earth is reinventing a DNS recursor, which btw is not RFC compliant (per the developer's OWN words it might NEVER be compliant because that idiot has no clue what resolvers really are), any BETTER?!?!
The problem with systemd (Score:5, Insightful)
That's a problem with Systemd. It's a pretty decent idea with a sub-par execution and a crappy way of dealing with an inherent problem.
Idea: centralized place to optimize startup, management and interconnectivity of all kinds of services.
Problem: some services in their standard form don't quite fit that model.
Solution: let's rewrite them and include as parts of systemd.
The crap part: while the originals were made by experts in that field, the replacements are made by a group of wannabe experts on everything ever, some with overinflated ego. This results in seriously inferior code replacing old 'tried and true' solutions.
At this point, the only real solution I can see is making a fork of systemd, banning the current systemd creators from participating in it, and trimming it to size. If a service doesn't quite fit systemd, work on systemd until it fits, don't rewrite it!
Re:The problem with systemd (Score:5, Informative)
"a fork of systemd, banning the current systemd creators from participating in it, and trimming it to size. If a service doesn't quite fit systemd, work on systemd until it fits, don't rewrite it!"
That's not a bad idea - meanwhile, Poettering's response (presumably): "Systemd is working as expected. This is a flaw in {bind/whatever}. Bug closed."
If a service doesn't quite fit systemd, work on systemd until it fits, don't rewrite it!
Part of the appeal of the systemd is that it minimises the idiosyncrasies of all the different tools. You don't have to rewrite the services, but fitting them to systemd is reasonable. For example, udev was not rewritten, just integrated.
originals were made by experts in that field
Whatever made you say that? There are no mandatory security audit, secure coding practices, mandatory code reviews, qualification certificates or anything like that in free software. Some of it is even insecure by design (I'm looking at you, X.org). systemd will get rid of
Re:The problem with systemd (Score:5, Insightful)
"Some of it is even insecure by design "
So because all software has bugs we should just say: "Meh, who cares if systemd is bloated, has monumental feature creep, an author with a serious ego problem who doesn't like fixing them and it replaced an init which, while a bit crusty did what it said on the tin, because, well, systemd." Right?
Wrong. Systemd, is a poor idea, poorly implemented in a project thats poorly managed. Quite why redhat are in thrall to the arrogant little twerp in charge is anyones guess.
If systemd is that bad, why is it so popular? The only distros not using it are niche ones, and no-one has bothered to fork it and no-one has built anything so compellingly better that it withers and dies.
I'm not saying systemd is great, merely that it's not as terrible as some people seem to think. If it was, it would surely be ditched. FWIW I've tried many distros lately, and Fedora is by far the best, and of course uses systemd.
The crappy part is the centralized place to optimize startup.
Even Windows isn't this bad (Score:2, Interesting)
When I first read about systemd I thought it was a knock off of the NT service control manager [microsoft.com]. Except on Windows, that's all it does. It controls services. It starts and stops them. And manages dependencies. And that's it. It doesn't take over the fucking world and try to control everything in the OS. I think this is where systemd lost its way. It's a sad day when we look to Windows as the example of "does one thing and does it well" and not the whole fucking kitchen sink.
At this point, the only real solution I can see is making a fork of systemd, banning the current systemd creators from participating in it, and trimming it to size.
There are problems with that idea:
* Red Hat is backing Systemd and this is the only thing Lennart seems to work on. You'll be in the quagmire of always trying to catch up on new shitty features and broken compatibility.
* Systemd was 250K+ LoC last I checked
* Systemd's source code is poorly documented at best.
* Systemd has a overly clever design that makes it difficult to grok.
I'm not saying that Systemd shouldn't be replaced, I'm saying that you need to discard the original.
So the product is open source but not open spec.
No, its not a pretty decent idea (Score:5, Insightful)
"centralized place to optimize startup, management and interconnectivity of all kinds of services."
Sorry, thats not how its done in Unix. We don't want a huge monolithic application as init since that brings a huge attack surface to the most important process in the OS, not to mention a bug in a service that doesn't belong there potentially bringing down the entire system.
Re:No, its not a pretty decent idea (Score:5, Insightful)
We don't want a huge monolithic application as init since that brings a huge attack surface to the most important process in the OS
Perhaps we need to get rid of Linux kernel as well. But seriously, to reduce the attack surface, just disable unused services (the article even points out that Debian has systemd-resolved disabled by default). systemd is modular.
Disable unused services? Like DNS in this case? Good luck using your computer to browse the web without it.
That's a problem with Systemd. It's a pretty decent idea with a sub-par execution and a crappy way of dealing with an inherent problem.
If by "decent" you mean "spectacularly stupid, fantastically bad, terrible to depraved depths, will never work properly", then yes.
The problems with basically anything written by poettering and crew start with them being... let's be polite here, not very good with this "software architecture" thingy. Their approaches to any problem they're setting out to solve, real or imagined, are baroque, juvenile, overly complex, brittle, prone to spectacular breakage, and so is their entire everything else.
Yes, there a
Calm down. Don't panic. (Score:1)
Yes, it's a typical systemd boo-boo: it's just because systemd (the project) wants to absorb the resolver, after having absorbed (hardware) event management, device management, (user) session management, yadda, yadda.
(Disclaimer: I neither like not use myself systemd. And I'm a happy user of Debian. Yes, it is possible).
*But*: systemd-resolved is an *optional* part of the whole thing. And in Debian, for example, it is disabled by default.
So. Just disable systemd-resolved until the problem is... resolved. Pr
Surprised? (Score:3)
Dupe (Score:5, Informative)
Story from 5 days ago [slashdot.org]
From all of us Linux greybeards: (Score:2)
We told you so.
systemd is broken by design, and despite offering highly enticing improvements over legacy init systems, it also brings major regressions in terms of many of the areas Linux is expected to excel: security, stability, and not having to reboot to upgrade your system. [ewontfix.com]
Don't be dense.
the fuck are you talking about? what does politics have to do with shitty software development?
How unexpected. (Score:1)
Considering Potterings track record writing shoddy software I can't say I'm surprised. After all it's been quite clear for a long time that he has all the qualities someone writing code like that shouldn't have, like being arrogant, ignorant, careless and cavalier and none of the ones you'd want to see.
What I'd really want to know though is; Who the hell, considering his track record with PA et al, thought it was a good idea to let him loose on system critical components? But maybe the more pertinent questi
Old News (Score:2, Interesting)
This is old news, why don't you publish that story how "Principal systemd developer refuses to acknowledge serious security vulnerability where processes that request to be run as unprivileged user, run as root because Lennyboi does NOT like them start with zeroes! And POSIX be damned, Lenny knows better!"
not the init, and it doesn't affect Debian (Score:4, Informative)
The summary misleadingly opens with "systemd, the init system", whereas what we're talking about is "systemd-resolved, a part of the SystemD project" (or some such -- I'm a bit vague about the capitalisation TBH).
Anyway, the point is that this bug is not in the init code.
On Debian, we don't even execute this code by default.
So, if you see red and start screaming whenever you see the sequence of characters: s y s t e m d then I'm sorry if you're still reading this, but perhaps you should consider calming down long enough to notice that systemd is both the name of the init program, and the project that also includes a lot of other bits and pieces that are not even needed quite often, and can generally be run without having systemd running as init.
"that are not even needed quite often, and can generally be run without having systemd running as init."
I don't think anyone is in any doubt that once systemd has the option to run a service most of the bleeting distro maintaining sheep use it. It won't be long before it becomes the default resolver on most of them.
On Debian, we don't even execute this code by default.
But Ubuntu does. And the other security hole mentioned in the article does apply to Debian.
As for systemd being more than just an init: the problem lies in it replacing a large set of modular projects with an entangled blob. For example, vdev is an (experimental for now) replacement for udev that fixes a number of design problems, yet good luck using it on a systemd system.
As for running systemd without it being init: systemd-shim is dead, and it was flaky to the point of uselessness even while it lived.
Clearly (Score:1)
This is why you shouldn't use Windows when... OH WAIT.
