Systemd local root exploit, silently fixed a year ago

openwall.com/lists/oss-security/2017/01/24/4

github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e

Vulnerability was fixed as a denial of service bug on Jan 29, 2016

wtf i hate systemd now

bug was introduced on 2015-11-11 and fixed on 2016-01-29, only rolling release distros were affected for a few days

and when fixed, probably didn't realize it was more than just a DOS, not a big deal

Exactly. People here are just dumb black women hating on Poettering because he's a white male.

Inch by inch, the roots of this movement have been digging into our foundation of freedom and security like the roots of an oak tree, slowly splitting apart a once-grand structure. GNU, Linux, BSD and other important open source communities and projects will all too soon be regarded as artifacts of a bygone era. They won't even remember us for the right reasons, as future historians will be more concerned with ensuring that their essays report on the politically correct happenings; the BSDGirls and Anita Sarkesians of our time.

local root exploit in GNU screen, wtf i hate GNU now

lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html

Commit f86a374 ("screen.c: adding permissions check for the logfile name", 2015-11-04)

The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and can be easily exploited to full root access in several ways.

> [email protected]/* */:~$ screen --version
> Screen version 4.05.00 (GNU) 10-Dec-16
> [email protected]/* */:~$ id
> uid=125(buczek) gid=125(buczek) groups=125(buczek),15(users),19(adm),42(admin),154(Omp3grp),200(algrgrp),209(cdgrp),242(gridgrp),328(nchemgrp),407(hoeheweb),446(spwgrp),453(helpdesk),512(twikigrp),584(zmgrp),598(edv),643(megamgrp),677(greedgrp),5000(abt_srv),16003(framesgr),16012(chrigrp),17001(priv_cpw)
> [email protected]/* */:~$ cd /etc
> [email protected]/* */:/etc (master)$ screen -D -m -L bla.bla echo fail
> [email protected]/* */:/etc (master)$ ls -l bla.bla
> -rw-rw---- 1 root buczek 6 Jan 24 19:58 bla.bla
> [email protected]/* */:/etc (master)$ cat bla.bla
> fail
> [email protected]/* */:/etc (master)$
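The flaw quoted above is a privileged program opening a user-named logfile while still holding root. As an added example (not code from screen or from the quoted post; the helper name open_logfile_as_invoker is hypothetical), one hardened pattern in C is to switch to the invoking user's effective IDs for the open, so the kernel enforces that user's permissions on the path:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper for a setuid-root program: open a user-named logfile
 * with the invoking user's effective IDs, so the kernel checks that user's
 * permissions on the path. Returns an fd, or -1 with errno set. */
int open_logfile_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Drop the group first: after the euid drop we could no longer change it. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        saved_errno = errno;
        if (setegid(saved_egid) != 0)
            abort();
        errno = saved_errno;
        return -1;
    }

    /* O_APPEND never truncates an existing file; O_NOFOLLOW refuses a symlink
     * as the final path component; 0600 keeps a new file private. */
    fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
    saved_errno = errno;

    /* Regain the saved IDs (user first, then group); never continue half-dropped. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_logfile_as_invoker(argc > 1 ? argv[1] : "screenlog.example");
    if (fd < 0) { perror("open_logfile_as_invoker"); return 1; }
    close(fd);
    return 0;
}
```

With this pattern, the `/etc/bla.bla` case in the transcript fails with a permission error for an unprivileged user instead of producing a root-owned file.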

my screen ain't even setuid root

Devuan cannot come fast enough

You have a large array of distros to choose from:
- Gentoo
- Funtoo (No systemd support)
- Slackware
- Void Linux
- PCLinuxOS
- AntiX

who gives a fuck

this
Anyone with systemd present already no longer owns their system, what's one more backdoor?

...

Oh look, it's fucking nothing

The point is that it was fixed as a DoS bug and wasn't assigned a CVE, which means it wouldn't be backported for security fixes.

Just use a Runit distro.

It was only there for about a month. Probably should've been assigned a CVE just for the DoS, but backporting probably didn't need to happen. The only people who were affected were probably rolling distros. You're not going to grab a version and freeze it at the beginning. You'd grab pretty much anything from that version, and future versions.

Anyways, umasks in this context are complicated because locking/threading/parallelism. systemd doesn't want locks, and if you knew what they were talking about neither would you.
The same shit (restrictive umask) that the one Ayer faggot is suggesting might lead to race conditions in systemd. Most people bitching indeed do not know what goes on down there.

All the more reason to stay away from the pozzed sandbox that is sysdicks. Poetting was a mistake.

What makes me sad about systemd is it does have lots of engineering gems inside.

Reading systemd source code for the first time might feel like bleach in your eyes with all those abstraction layers designed for implementing polymorphism in C language and shits but their hashmap implementation could be the most sane one that got round robin hashing with dynamic rescaling correctly (unlike rust whose team FUCKED UP big time about month ago).

That being said, good algorithm and good implementation practice does not justify the design choice systemd took and arrogance its adopters have shown.

Man I really want to get out of this business already.

fucking hate systemd

my kde-arch setup suddenly goes haywire when i try to add desktop add-on and this fucking 'systemd core dump' alien process appears and it fucking fills my hdd with its dump until 0MiB is left.

if there is a fail-safe way to replace systemd with runit or similar on arch i'd give it a try. i'm sick and tired of this shit. i'm currently using gnome and fuck you redhat if you're reading this.

never mind poettering because it's fucking redhat with their fucking backdoors.
hope that someone forks wayland off of redhat.

...

WTF am I reading
Maybe you have some Proof?

His proof is the opinion that "systemd is too complex to understand". Never mind that over 100 different companies have successfully contributed patches for it, it's still too complex for anybody to read.

Have you looked inside it, or did you just swallow so many "every single thing about systemd is bad" memes that you can't consider a more nuanced point of view?

Then what about Linux kernel?
Does he understand it?
Where's the fucking logic?

I hope Pootering leads redhat into trying to make linux their own ecosystem entirely too the point where you can't even really call their OS linux anymore and some new companies step in to pickup where they left off. They're already seemingly a quarter of the way there.

*too
Hurr

looks interesting but if I want to even install this shit, I need to be some leet haxor who knows all the settings and commands; let alone getting custom programs to run and make everything work.

Must be derivative of the previous one

Wikipedia says if I install this, by default it will start the OS in the command line terminal. Same problem for non pros

Seems interesting

I don't like KDE but I will check it out

very interesting for me as Plebian user

I did not check the devuan development for a very long time and they seem to have advanced very well. They already have a beta2 for their systemd-free version of Debian jessie

He most likely doesn't even know what "implementing polymorphism in C" means, because he doesn't understand C, and neither do most retards bitching about systemd.

jesus christ how horrifying

Enjoy having to nuke your box every time some other piece of software has a vulnerability.


Retards like you are the reason why this happens. No matter how bad the vulnerability is, your ilk will just continue like nothing happened because "lol they fixed it two months later". What about the shit that isn't public yet? Did you ever consider that this behavior provides the perfect habitat for "accidental" backdoors?

It's fucking nothing.
t
'
s

f
u
c
k
i
n
g

n
o
t
h
i
n
g
.

You literally just have to type startx or something to get out of the command line

I still don't understand why they didn't write the systemd suite in C++.

some other user told me it has something to do with redhat's internal coding policy but right now layering of systemd internals is so verbose that it takes long time to get used to it.

...

Every single thing about systemdipshit is bad. Period. End of discussion.

...

SystemBotnet

...

Your mother's cunt stinks bad. Period. End of discussion.

...

Please stop posting pictures of yourself, you disgusting sack of shit. I just ate dinner.

Not surprising that a defective like you uses systemdipshit.

autism

You can add it at startup.


lol le gross fat nerd man xDDDDDDD
please just end our suffering and delete this board

systemd-free.org/

Some of you are retarded. Just because they found it a month before it was patched, doesn't mean it was created when they found it. It probably existed there for a long time as a zero day used by things like CIA and other security agencies.

You should never defend software that jeopardizes your safety. Especially when the developers do some shady shit like not admit they had a security issue and pretend it's just some DoS vector or something.