Skip to main content
Topic: New SystemD Vulnerability Discovered (Read 2016 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

New SystemD Vulnerability Discovered

https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/   (nice title)
https://news.slashdot.org/story/18/10/27/196227/new-systemd-vulnerability-discovered

What worries me is how silly the buffer length has been treated ...
from       if (*buflen < len)
to            if (*buflen < offsetof(DHCP6Option, data) + len)

This isn't about init system and unix philosophy, it's plain bad

Re: New SystemD Vulnerability Discovered

Reply #1
Systemd is not only init for a very long time.
Systemd is slowly swallowing things around it which are on boundary between kernel and user programs, or are just often used services, or must have things which does not belong to kernel....
In this way making systemd some kind of a system which you will use to do anything.

With this mindset and philosophy, How can it be safe and stable ?
Also keep in mind that problems will become more and more complex.

Re: New SystemD Vulnerability Discovered

Reply #2
The systemd-networkd code is horrifically bad. There's that blog post rant that's been going around, and I agree with the author although the assert_return macro doesn't really bother me as much (it's just a misleading name). The silver lining here is that not even systemd users use systemd-networkd, but it still doesn't change the fact that the design is flat out horrible.

Re: New SystemD Vulnerability Discovered

Reply #3
SystemD is perfect example of "How to not do it".

Re: New SystemD Vulnerability Discovered

Reply #4
https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/   (nice title)
https://news.slashdot.org/story/18/10/27/196227/new-systemd-vulnerability-discovered

What worries me is how silly the buffer length has been treated ...
from       if (*buflen < len)
to            if (*buflen < offsetof(DHCP6Option, data) + len)

This isn't about init system and unix philosophy, it's plain bad


to me this code looks totally confused, assume len is an unsigned int or unsigned small int.. why does it not trigguer an error with the compiler.

Re: New SystemD Vulnerability Discovered

Reply #5
Does this affect artix as i use startx ?

Re: New SystemD Vulnerability Discovered

Reply #6
Does this affect artix as i use startx ?
Artix is non-systemd, so it should be a non-issue here.

Best regards.
We should try to be kind to everyone.....we are all fighting some sort of battle.