Linux's Systemd can be pwned via an evil DNS query

[forquare]

It never ceases to amaze me: https://www.theregister.co.uk/2017/07/05/linux_systemd_grants_root_to_invalid_user_accounts/

CVE Page here:
https://nvd.nist.gov/vuln/detail/CVE-2017-1000082
9.8, Critical severity…

 

[ekingston]

I'm just waiting patiently for that whole systemd debacle to massively implode by itself. Seems like it's bound to happen sooner or later.

I stumbled across an article you might like.

https://www.theregister.co.uk/2017/07/17/linux_4_13_rc1/

 

[ShelLuser]

Next stop: adding the samba stack into systemd, I know the devs. are up to that!

 

[sko]

Next stop: adding the samba stack into systemd, I know the devs. are up to that!

With SMBv1 support i guess? Because you know, there is so much legacy crap systems out there that need to be supported

 

[rufwoof]

Wont systemD have a tendency to produce more eyes working on the same thing rather than doing one thing well, 101 different ways

https://upload.wikimedia.org/wikipedia/commons/1/1b/Linux_Distribution_Timeline.svg

Can't help wonder if all of those eyes (man hours) had instead been put to a common focus !!!

 

[Deleted member 9563]

Wont systemD have a tendency to produce more eyes working on the same thing

I think the systemd philosophy is to be EVERYTHING to everybody. That's hardly "the same thing". So instead of getting specialist eyes looking at this we're going to get a bunch of generalists. Some think that's a recipe for disaster.

 

[rufwoof]

I think the systemd philosophy is to be EVERYTHING to everybody. That's hardly "the same thing". So instead of getting specialist eyes looking at this we're going to get a bunch of generalists. Some think that's a recipe for disaster.

Maybe, maybe not. Debian encompasses something like 50,000+ 'programs' in its main repository and as a collective set if you stick with just that it works very well IMO .. and encompasses a vast range of choices (from small dedicated installations up to large servers and everything between).

You can still specialise within that, just a matter of opting for which choice of services to include or not, or even write your own (within that structure).

Could go the other way and more program producers focus their code/structure on that, leaving those on the outside with fewer choices to piggyback off (fewer options/programs in their own repositories).

Back in the day, many said Betamax was superior to VHS, however VHS won through. I guess systemD is like VHS was back then. SysV is considered as even less viable than SystemD going forward and a alternative is required ... and so far SysD is prevailing, despite perhaps not being up to the mark (yet).

As a end user not really that familiar with the intricacies I'm impartial to either. The other day when I hit problems with Slim I looked around at how to implement auto gui login

create a file at /etc/systemd/system/getty@tty1.service.d/override.conf with content
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin <user name> --noclear %I $TERM

and run systemctl set-default multi-user.target to activate that service or systemctl set-default graphical.target to flip back again. (It also suggested adding [ "$(tty)" = "/dev/tty1" ] && exec startx to ~/.profile

i.e. easy enough, and not vastly different to the kind of edits that would be required to implement the same function under SysV.

Its reporting is good also IMO, for instance running systemd-analyze blame shows potential bootup bottlenecks and you can even get a nice graphical timeline chart printed out if you so need/desire.

ff@debian:~$ systemd-analyze blame
          2.782s wicd.service
          2.503s keyboard-setup.service
          2.456s systemd-fsck@dev-sda2.service
          1.379s ufw.service
           909ms systemd-logind.service
           901ms rc-local.service
           899ms rsync.service
           634ms networking.service
           627ms systemd-fsck@dev-sda3.service
           606ms dev-hugepages.mount
           595ms sys-kernel-debug.mount
           569ms dev-mqueue.mount
           483ms kbd.service
           430ms systemd-tmpfiles-setup-dev.service
           426ms systemd-user-sessions.service
           420ms kmod-static-nodes.service
           414ms rsyslog.service
           342ms systemd-udev-trigger.service
           321ms systemd-modules-load.service
           316ms systemd-fsck@dev-sda4.service
           266ms systemd-update-utmp.service
           249ms mnt-sda4.mount
           230ms sys-fs-fuse-connections.mount
......

or how long startup took in total

ff@debian:~$ systemd-analyze
Startup finished in 10.240s (kernel) + 10.648s (userspace) = 20.888s

... etc.

From the traffic on the Devuan forum following its Release 1.0 the resistance to SysD would seem to be pretty light.

 

[Deleted member 9563]

From the traffic on the Devuan forum following its Release 1.0 the resistance to SysD would seem to be pretty light.

You could be right, but forums are generally not very popular these days - seems people just refuse to use them. I'm seeing lots of Devuan interest and action in other places.

 

[sko]

I'm still running devuan on 2 legacy linux boxes (until I find the time to finally replace them). They were switched from debian to devuan around the release of Debian jessie, just when the shit hit the fan systemd was introduced as the default init on debian and already got lots of (unneccessary and stupid) hard dependencies from some packages - e.g. clamAV and even postfix at some time. Especially for postfix this was completely unneccessary - the upstream version was still the same - the *only* difference for the 'newer' debian package was the hard dependency on systemd and the added service file.
Devuan had lots of these service packages with removed systemd-dependencies early on - even if sometimes still with dependencies to their systemd-shim, but at least you didn't have to run the full systemd travesty show on your servers. I also got some help at the IRC channel when I was removing dependencies from some packages I needed back then for our HORDE server.

Back then there was no forum for Devuan, only the mailing list and irc channels and they were quite busy. I suspect most (especially long term) devuan users still prefer these communication channels over the new forum - especially because the main target group is sysadmins, not the typical "pointy-clicky" desktop users.

 

[ronaldlees]

I'm still running devuan on 2 legacy linux boxes (until I find the time to finally replace them). ....

When I have to use Linux, I've been using Alpine Linux recently. No systemd, and no GNU C library either (musl instead). The distro has some very interesting backers/contributors. It seems that not all the big corps have bought into systemd

 

[Deleted member 30996]

I'm not a fan of Linux but did have Debian on one of the spare HDD for my Thinkpads till recently. Of all the Linux distros I've tried it's what I liked best. When I heard that OpenBSD was going to implement KARL I wiped that drive in favor of it and will probably never use anything but BSD again.

BSD is superior in every way IMO and like that it can trace its roots back to Bell Labs UNIX.

I'm growing my beard out too so I can be a real neckbeard.

 

[sko]

Alpine is what I also use on our smartOS host when I absolutely have to run Linux because of $some_reason.
The lean architecture of Alpine makes it really easy and insanely fast to set up LX-Zones via ansible or even manually for testing - a small manifest file is all thats needed to get a working Linux-Zone within a few seconds. As a bonus you also get all the benefits of ZFS and DTrace through the illumos/smartOS host

 

[rufwoof]

I'm not a fan of Linux but did have Debian on one of the spare HDD for my Thinkpads till recently. Of all the Linux distros I've tried it's what I liked best. When I heard that OpenBSD was going to implement KARL I wiped that drive in favor of it and will probably never use anything but BSD again.

BSD is superior in every way IMO and like that it can trace its roots back to Bell Labs UNIX.

I'm growing my beard out too so I can be a real neckbeard.

You've hit the nail on the head there. More for geeks, nostalgia and backend (servers), much less so for general use. Debian is vastly superior on that front. As systemD expands Debian will ride that wave whilst FreeBSD will increasingly become a niche ... as the next gen of developers/maintainers have a tendency towards familiarity and will be more familiar with Linux/sysD. The tendency towards "sysD is shit" and "piss off desktop users/non-geeks" doesn't serve FreeBSD well. Redirection towards TrueOS ... is hardly a good first impression either IMO.

 

[Deleted member 30996]

More for geeks, nostalgia and backend (servers), much less so for general use. Debian is vastly superior on that front.

My use of FreeBSD is for general use. Surfing the web, listening to music while doing so, using The Gimp to manipulate images, downloading files, working with text files and a file manager. I can do anything on my FreeBSD machines I could on my Debian box. The pkg system is every bit as easy to use as apt-get, I just like using ports. There is a long list of ISP's that use FreeBSD as a server and my desktop has all the security and stability of one. I like building it from scratch as then I have a customized desktop with only the programs I choose to be on it, and a rock solid one at that.

Linux has word of mouth going for it. That and pre-rolled distros where everything is already there when you finish the install process. Ubuntu is known for its ease of use and a lot of n00bs gravitate toward it. Mint is the most popular distro, No 1 at distro watch, and I hear people in other forums who use it talk about how they have difficulty switching from one Desktop Environment to another. WTF? You have 10 years experience with Linux and don't fall into that category.

The first computer I used was an Apple II. I moved on to Windows, to Puppy on a 100MB Zip Disk, Mandrake, distro hopped, discovered PC-BSD and help beta test it. That gave me the experience to make the move to FreeBSD. If TrueOS can work the bugs out and they can get their act together it could well be the Linux of the BSD world. TrueOS is No.14 at distrowatch and rising. I think a lot of people who get their feet wet with TrueOS will eventually make the move to FreeBSD like I did.

FreeBSD is a real Operating System with a small but dedicated team of people working toward one goal and its roots in UNIX proper. Linux is a kernel invented by Linus with some apps on top, more distros than you can shake a slide rule at and no coherency. I know nothing of Pottering and very little about systemD, but what I hear is not good.

You'll hear the expression "FreeBSD is a professional OS for professionals". Yes, I'm a geek, an old one at that, but I am not an IT guy. Just a self-taught guy sitting at home in his apartment with 4 BSD laptops purring along. I am far from the smartest guy in the forum and only know a fraction of what others know about FreeBSD but for the most part I have mastery of my desktops.

 

[Deleted member 9563]

My use of FreeBSD is for general use.

Same here. I use Linux for dedicated use and other miscellaneous machines.

You'll hear the expression "FreeBSD is a professional OS for professionals". Yes, I'm a geek, an old one at that, but I am not an IT guy. Just a self-taught guy sitting at home in his apartment with 4 BSD laptops purring along. I am far from the smartest guy in the forum and only know a fraction of what others know about FreeBSD but for the most part I have mastery of my desktops.

I wouldn't describe myself as a geek either. At least not just because I hang here and have a special relationship with mister Google. I'm an artist, and computers is an extension of that - not the other way around.

 

[Deleted member 30996]

The tendency towards "sysD is shit" and "piss off desktop users/non-geeks" doesn't serve FreeBSD well. Redirection towards TrueOS ... is hardly a good first impression either IMO.

BTW, I welcome new users and am glad to see new people using FreeBSD as a desktop OS. Far from trying deter them, I've shared my experience and done my best to help make it easier for them to make the transition.

Beginners Guide - How To Set Up A FreeBSD Desktop From Scratch

 

[Deleted member 9563]

Regardless of what people here think about systemd, it nevertheless won an award at Blackhat. (article here).

 

[rufwoof]

Regardless of what people here think about systemd, it nevertheless won an award at Blackhat. (article here).

Should perhaps have been awarded to Dumber

To exploit the issue, an attacker would have to convince an administrator – someone who already has root access – to install...

But I guess that would defeat the sheer deflamation of systemD intent. Pretty much everyone agreed that sysV needed to be replaced, some don't like SysD as one such alternative, many others have accepted/adopted it. Of (sleep 3) all the choices (sleep 10) SysV (sleep 5) is the last choice (great, sleeps worked, this time, and no post jumped in to disrupt the intended flow).

 

[Deleted member 9563]

Should perhaps have been awarded to Dumber

Who is Dumber?

 

[Deleted member 30996]

rufwoof, I understand your bias toward Linux and systemD and wanting to defend it, you do have a history of 10 years using it from what I understand, just as my 12 years use of FreeBSD tends mine toward it. You're entitled to your opinion, but this being a FreeBSD forum you're not going to find much love for Linux or systemD here. I hope that doesn't influence your decision to use FreeBSD.

However, when I spoke of what I had heard about systemD not being good, I was not referring to this thread alone. There are many such threads in forums dominated by Linux users, some closed due to the tone they took, with Linux user sporting taglines such as "systemD is evil". I usually just don't pay much attention to them and why I know little about it since they don't effect me and discord is something I try to avoid in a forum.

 

[paw]

The expoit is amusing. I want to play with this later.

I really can't fault FreeBSD. thought I would throw that in. To recompile the kernel was a dobble, unlike for Linux. It just works, it feels solid, pkg and ports are fantasic and I could see why gentoo was the hype back then but to-date ports win.

Linux is linux, and totally agree with the past. During times where I was pulling scrap 486's from the local tip for script-kiddie uses, linux was excellent. I knew that other OS's exist. BeOS, which is now Hiaku looks fun and promising; I need to get round and installing that.

Linux is bloated, over corperatised (Google~Android, RedHat, Canonical) and over sponsered. This has allowed to push Linux and make future visions happen but again no authority exists to control and so it becomes a power struggle. Someone will get upset and cause drama or someone will come up with something and the majority won't want and will push anyway because they decided to pay $.

People reinventing the wheel, that's cool, you should always have people create their own version, because why not. But sadly, these are normally for personal and the mainstream dominates over these setting the tone of creating your own is bad. It's not bad, its great.

Things feel sloppy on Linux as it just a old-dated kernel which Linus created and which sits on like it's his throne, like a asshat. Linux feels like Its like trying to make a beer pong cup tower, good for the first few cups, but has no support and just starts to topple. The desktop expirence is meh. I wouldn't use it for a desktop any more. i've tried but it's just not there, its clunky, noisey and just meh, it's not satisfying which is why I don't use or like android. Microsoft is Microsoft, but to be fair their UI has always felt more confident, same with Apple.

RedHat annoys me in the smug of they see themselves as the King of Linux and sure, they're created major things, but it's like google of the linux world. They're heavely proceeded by money and just seem corrupt. If you don't follow their ways you it kind of feels like you have a power of evil agaisn't you.

SystemMD is failure. Fair concept but over compicated and in the end usless. People have they tried to apply their approach because they think theirs is better and so you have a lumpy piece or a wonky distro. It works when applications have been created designed for it but normally they've not and so you end up waiting at shutdown with a message of "Stopping service: ETA: 2minutes"
i hate it, if it's going to take an estimated 2minutes, give me kill -9 and it will be ended in seconds. Which is one of the reasons I've swapped to FreeBSD and wish I had sooner.

I have FreeBSD running it on my colocated server which I hopefully soon be pushing to selling Jails and bhyve VM's. Expiremental but I like expiremental. Even then you still kind of feel safe which is nice. Bhyve has a really good potentinal to put FreeBSD back on the map.

Sure it was shrouded by past history and I'm glad thats all over but it's not a bad thing. Linux won that race, but look where it's at now. Linux is a mess, and FreeBSD is now starting to bloom which is great for the future.

Oops, I should get back to work. six years sysadmin for Linux, two years for freebsd

 

[Deleted member 9563]

Linux is a mess

In a way, that's a good thing. Diversity is an excellent thing in many, though not all, ways. Systemd makes the assumption that everyone wants to do things the same way.

PS: rufwoof You still didn't answer. It's not the kind of name that's "Googlable".

 

[rigoletto@]

What is happening with Linux (and from a long time already) is exactly what (will) happen with anything (service, goods, etc.) when it decide to pursuit a large/diverse user/client base, or even worse "everyone".

The only way to archive that is compromising everywhere, and the first point/characteristic to suffer is the quality. Quality costs money and time.

One can argue that in the past, lets say 50's, there were high quality products everywhere, but a few changes happened with time:

1. a large user/client base currently means a completely different thing, as the world population grown up exponentially;
   
2. the changes in the production resources took us from a time (50's) when the manpower was cheap and the raw material expensive, to the complete opposite. Today manpower is expensive and raw material is cheap.

We changed from a business mentality of "we need to built it right at first" because the source material is expensive and will be expensive to fix (rma) it later, to "we need to build it everything fast", because manpower is expensive, and if anything goes wrong it will be cheap to fix (rma) later.

The same behavior could easy be adapted to software business.

 

[Deleted member 30996]

rufwoof You still didn't answer. It's not the kind of name that's "Googlable".

I'm sure he meant me since I slammed Linux. He had already posted a farewell thread saying FreeBSD wasn't for him and was going back to Debian.

Posed with his previous proclamation that UNIX is primarily of interest for nostalgia purposes, prejudice of UNIX Philosophy in preference of the Pottering Principal, perturbed protection of systemD despite the preponderance of evidence and plethora of exploits presented, and as a penchant for an impregnable Operating System isn't paramount on his panel of priorities, perhaps FreeBSD isn't the proper choice for a person in his position, would possibly perceive perdured use of Linux preferable and the Pwnie for that prize more appropriately placed in his possession in perpetuity.

 

[rufwoof]

@ Trihexagonal Indeed I don't so servers, just purely a single user desktop setup, primarily for browsing and spreadsheets/docs. From my perspective Debian provides the entirity ...operating system and all the programs I require/use, from and maintained by a single provider, that collectively all work well with each other. For instance install Openshot and that also requires Blender and Inkscape in order to be fully functional. The FreeBSD combination however don't work together as Openshot is sensitive to Blender versions and FreeBSD contains a mismatch, whilst in Debian ... it all just works as expected. Installing things in FreeBSD I see a number of 'no package maintainer' type information messages, the more that are driven away from FreeBSD the more packages that won't be maintained. Increasingly so if packages otherwise borrowed from the likes of Debian are developed so as to be more aligned to work with (be a integral part of) SysD.

@ OJ ... Dumber out of Dumb and Dumber. The award for poor security amounts to sys admin failure ... i.e. convince a sys admin to install something they shouldn't. Paramount to just a pure dig for the sake of it. Mostly the likes of Debian welcome other choices/variations whereas the other way around is more inclined to hatred and insults.