Penguins force-fed root: Cruel security flaw found in systemd v228

Some Linux distros will need to be updated following the discovery of an easily exploitable flaw in a core system management component. The CVE-2016-10156 security hole in systemd v228 opens the door to privilege escalation attacks, creating a means for hackers to root systems locally if not across the internet. The …


      1. Ramazan

        Re: use sysvinit instead

        "Would that removal of systemd work for the latest Ubuntu/Mint too..? Has anyone tried it..?"

        Most probably you won't be able to get rid of systemd on desktop machine as all major desktop environments (gnome, kde, lxde, xfce, mate and cinnamon) depend on systemd. At least that's how things are on Debian at the moment. On Ubuntu YMMV. You can switch to minimalistic window manager though (openbox, uwm, twm etc), it definitely would work.

    1. Ramazan

      Re: use sysvinit instead

      "it's still fairly straightforward to run the current Debian release using sysvinit instead".

      Only if you run the current Debian release without desktop environment. All Debian's "task-desktop" variants, i.e. gnome, kde, lxde, xfce, mate and cinnamon _require_ systemd.

      So,

      fuck systemd

      fuck gnome

      fuck kde

      fuck lxde

      fuck xfce

      fuck mate

      fuck cinnamon

      1. jake Silver badge

        Re: use sysvinit instead

        Actually, Ramazan, you can run any of the desktop environments without systemd.

        Remember, Linux is just the kernel. What you bolt on top of it is up to you.

        Slackware (for example) comes with blackbox, fluxbox, fvwm2, kde, twm, wmaker and xfce. Gnome can be added fairly easily with Dropline. Mate can be had with mateslackbuilds at github. All without systemd.

        HTH, have fun :-)

        1. Bodge99

          Re: use sysvinit instead

          ** Slackware (for example) comes with blackbox, fluxbox, fvwm2, kde, twm, wmaker and xfce. Gnome can be added fairly easily with Dropline. Mate can be had with mateslackbuilds at github. All without systemd.**

          The same applies with Cinnamon..

  1. Kurgan
    FAIL

    systemd SUCKS!

    Simple as that. Systemd SUCKS. Use Devuan, without systemd by design.

  2. Pirate Dave Silver badge
    Pirate

    Systemd

    the worst recursively self-referencing acronym in history.

    Linux - Linux Is Not UniX

    Pine - Pine Is Not Email

    Systemd - Systemd Is Not Windows

    Nope, I don't see how they got that.

    Oh, and before I go: Fuck systemd.

    1. Doctor Syntax Silver badge

      Re: Systemd

      "Pine - Pine Is Not Email"

      I thought that was "Pine Is Not Elm"

      1. jake Silver badge

        Re: Systemd

        Pine Is Not EMACS

      2. Pirate Dave Silver badge
        Pirate

        Re: Systemd

        My bad. Fingers were outrunning brain...

        Wikipedia (for what it's worth) says the E is related to Elm, not EMACS

        https://en.wikipedia.org/wiki/Pine_%28email_client%29

        1. jake Silver badge

          Re: Systemd

          It's a joke, son. Everybody know EMACS is an awful email client ;-)

          1. Doctor Syntax Silver badge

            Re: Systemd

            "Everybody know EMACS is an awful email client ;-)"

            Isn't it? I thought it was everything else.

            1. Down not across

              Re: Systemd

              "Everybody know EMACS is an awful email client ;-)"

              Isn't it? I thought it was everything else.

              Reminds me of a few people I know who (at least a couple or so decades ago) were rather fond of emacs (both full-fat and microemacs) and ran it effectively (if not for real) as their shell and did everything (email, usenet, gopher, you name it*) via it and had an extensive Lisp library.

              *Yes kids, there was internet before www...

              1. jake Silver badge

                Re: Systemd

                I have a user login ("write") that I use for serious writing. It uses vi as the shell. When I'm writing (code, documentation, contracts, dead-tree letters), I don't like distractions. Yes, I use a serial terminal for this, no GUI to get in the way.

              2. Anonymous Coward
                Anonymous Coward

                Re: email,usenet,gopher, you name it

                "Those were the days, my friend..."

                Still remember the major switch in Big Blue support downloads from an emulated 3270 over SDLC to an async X.25 and a country-local gopher server. My productivity increased three-fold. Which is not true anymore with the invention of the Java abomination which brought everything back to 3270-speeds. Which reminds me of a story attributed to Niklaus Wirth:

                "Back in the mid-80's I had PC XT with two floppy drives. It was booting DOS from the first, loading Lotus 1-2-3 from the second, and in 5 minutes I was able to do my family's accounts. Now, nearly 20 years later, I have a latest-technology PC with Windows and Excel which still loads in 5 minutes before I proceed with the accounts. Why do they tell me the computers got faster?"

                1. P. Lee

                  Re: email,usenet,gopher, you name it

                  >Why do they tell me the computers got faster?"

                  Ah, I see the problem... you thought faster computers were for your benefit!

                  Nope, they're faster for software vendors' benefit, so they can use cheaper, less efficient coders.

                2. Anonymous Coward
                  Anonymous Coward

                  Re: email,usenet,gopher, you name it

                  Boot DOS and 1-2-3 on your PC...

          2. P. Lee
            Joke

            Re: Systemd

            >It's a joke, son. Everybody know EMACS is an awful email client ;-)

            and only a so-so web client. ;)

            Wait on a minute... did someone rename emacs to "systemd" and dump it in /boot ?

    2. Steve the Cynic

      Re: Systemd

      "Linux - Linux Is Not UniX"

      You must be thinking of:

      GNU - GNU's Not Unix

      The Unreliable Source says that the "Linu" in "Linux" is the same "Linu" in "Linus" (and, further, that he didn't really want it called that, but a coworker thought it was a better name than "Freax").

    3. Hans 1
      Devil

      Re: Systemd

      >Systemd - Systemd Is Not Windows

      Systemd - Spoil your system this elegance must die

      TFTFY

  3. jake Silver badge

    Hate systemd?

    If you haven't recently, you might want to re-evaluate Slackware.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hate systemd?

      I love Slackware, I really do, but I moved to Void.

      1. jake Silver badge

        Re: Hate systemd?

        I've looked at Void. I have nothing against it. However, it's occupying a niche that is already filled by the rather mature FreeBSD ...

    2. slack

      Re: Hate systemd?

      Came to reference Slackware, happy to see I was beaten to it.

  4. Anonymous Coward
    Anonymous Coward

    The Inevitable

    The inevitable problem that occurs when you chuck out decades of tried'n'tested code and replace it with something new, especially with something like systemd, is that you're going to come across a whole new set of flaws, vulnerabilities, etc.

    So for any attacker who is truly serious about getting inside Linux systems, systemd represents a golden opportunity for years of vulnerability discovery and exploitation. A flaw like this is a real gift to the nastier types out there on the Internet. They'll have been scouring systemd's source code for things like this. Looks like this particular one is an absolute corker. I wonder who knew of it without letting on.

    Is Linux Secure?

    With systemd taking on a huge and privileged role in the OS, and with its significant source code volatility, can we honestly say anything positive about the security of Linux/SystemD based OSes at the moment? I'm not sure we can. We won't be able to be confident until the functionality has settled down and people have spent years poring over the source code looking for mistakes like this.

    It'll gradually get there I'm sure, but right now one feels that it is in a worse place at the moment than it was pre-systemd.

    1. Pirate Dave Silver badge
      Pirate

      Re: The Inevitable

      "With systemd taking on a huge and privileged role in the OS, and with its significant source code volatility, can we honestly say anything positive about the security of Linux/SystemD based OSes at the moment? I'm not sure we can."

      Don't paint us all with the same brush - some of us are sticking with sysvinit systems until we either retire, or until certain vendors wearing rouge chapeaus pull their heads out of their asses and send systemd packing. This security issue is not necessarily a "Linux" problem, this is a "systemd" problem, which IS NOT LINUX.

      (OTOH - the new acronym for systemd could be STINX - SysTemd Is Not linuX...)

      1. Doctor Syntax Silver badge

        Re: The Inevitable

        "or until certain vendors wearing rouge chapeaus pull their heads out of their asses and send systemd packing."

        But don't the rouge chapeaux wearers also have the one commercially supported non-systemd Linux still available as an alternative? They must have overlooked that.

      2. hplasm
        Thumb Up

        Re: The Inevitable

        "STINX - SysTemd Is Not linuX..."

        Have an Internet, Sir!

    2. bombastic bob Silver badge
      Linux

      Re: The Inevitable

      "Is Linux Secure"

      yes. Linux is secure. Related, systemd is NOT Linux. thankfully.

  5. ckdizz

    Oh my God! A vulnerability in software that can give an attacker root! This validates everything I knew about the software in question, and I'm fully justified in being against it and avoiding using it!

    Apply that principle universally instead of just to things you can't be bothered learning. You wouldn't even be using pen and paper because someone could look over your shoulder. There have been many more much worse vulnerabilities in software you all no doubt use every day without complaint. The great thing about Linux is that if you don't like something, you don't have to use it. Feel free to exercise that power, but get off your high horses in your fictional world where root level vulnerabilities only exist in things you hate.

    1. jake Silver badge

      I'm fully justified in being against it and avoiding using it

      No. I'm fully justified in being against it and avoiding using it because it completely goes against the UNIX design philosophy of "each program does one thing well".

      Yes, I've evaluated systemd (as I do most new major offerings in the FOSS world). In my opinion, it puts too many eggs in one basket, and the basket is entirely too small for the load. So I avoid it. Obviously, YMMV, and you are free to comment. But don't presume to assume that my (or anybody else's!) dislike of systemd is based on anything other than "unfit for purpose".

    2. Long John Brass
      Mushroom

      You don't get it do you

      @ckdizz

      IF I could just rip systemd off my machines without it bricking everything along with it I would be happy

      BUT I can't, remove systemd packages and there goes your whole fucking desktop

      EVERYTHING now has a dependency on system fucking D

      I would hate it a lot LESS if I had a choice about using it, but I don't so cue up the hate

      Get it now?

    3. Ramazan
      Facepalm

      "Apply that principle universally instead of just to things you can't be bothered learning"

      Apply this principle to things that are forced on you by default, are not necessary (sysvinit is just fine) and come full with root escalation vulnerabilities. Apply these principles to "improvements" that "fix" things that ain't broke.

      1. Orv Silver badge

        "Apply these principles to "improvements" that "fix" things that ain't broke."

        I think a lot of the "improvements" are down to a religious devotion to running the same OS on laptops that we run on servers. For example, NetworkManager is a godsend on a laptop that moves around, but really painful on a server, where you might configure the network once every three or four years and really want it to come up as early in the boot process as possible.

        1. sisk

          I think a lot of the "improvements" are down to a religious devotion to running the same OS on laptops that we run on servers. For example, NetworkManager is a godsend on a laptop that moves around, but really painful on a server, where you might configure the network once every three or four years and really want it to come up as early in the boot process as possible.

          The difference is that you can remove NetworkManager and go back to your config files on that server in a matter of minutes, but dumping systemd is, at best, a painful process sure to cause even more problems.

          1. Orv Silver badge

            "The difference is that you can remove NetworkManager and go back to your config files on that server in a matter of minutes, but dumping systemd is, at best, a painful process sure to cause even more problems."

            Very true. I didn't say they were equivalent, but I think systemd is motivated by the same desire to support laptops with a server OS -- fast boot times seem to be a major selling point, and this only makes sense on laptops and desktops. Servers aren't rebooted often and generally have lengthy BIOS POST periods anyway (anywhere from two to twenty minutes, in my experience.)

  6. Dazed and Confused

    WTF

    If you touch a file, make it 7777 so it's world writeable and SUID, then a non-root user writes to the file, the kernel takes away SUID and SGID. So not only is systemd being dumb in letting you create the 7777 file in the first place, it's being dumb in letting you write something to it which could then be executed.

    Only root would be able to issue the write without the 6000 mode bits being reset.

    1. bombastic bob Silver badge
      Devil

      Re: WTF

      "Only root would be able to issue the write without the 6000 mode bits being reset."

      assuming that a different exploit did not successfully write to this file and still keep the bits...
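The kernel behaviour the "WTF" post above relies on, as an added example that is not from the comment thread and not systemd's own code: a file is created with mode 6777 (the setuid and setgid bits the post calls the "6000 mode bits", plus world-writable; the sticky bit from 7777 is omitted because it has no effect on a regular file), one write is issued as the current process, and the special bits are re-read. Without CAP_FSETID (the normal case for a non-root user) the write strips setuid, and setgid too because group-exec is set; a process that holds CAP_FSETID (root, by default) keeps them, which is the situation bombastic bob's reply points at. The capability check via /proc/self/status and the `dangerous_suid_files` audit helper are this example's own additions.

```python
import os
import stat
import tempfile


def has_cap_fsetid() -> bool:
    """True if the current process holds CAP_FSETID, the capability that lets a
    write leave setuid/setgid bits in place.  Reads CapEff from /proc on Linux
    and falls back to an euid check elsewhere."""
    CAP_FSETID = 4  # bit index from <linux/capability.h>
    try:
        with open("/proc/self/status") as status:
            for line in status:
                if line.startswith("CapEff:"):
                    effective = int(line.split()[1], 16)
                    return bool((effective >> CAP_FSETID) & 1)
    except OSError:
        pass
    return os.geteuid() == 0


def write_and_report_suid(payload: bytes = b"constructed sample line\n") -> dict:
    """Create a temp file, chmod it 6777, append one write as the current
    process, and report which special bits survived.  The file is deleted
    afterwards.  Assumes a Linux filesystem that honours chmod."""
    fd, path = tempfile.mkstemp(prefix="suid-demo-")
    os.close(fd)
    try:
        # A non-root owner may set setuid on its own file; setgid is silently
        # dropped by the kernel if the file's group is not one of the caller's.
        os.chmod(path, 0o6777)
        before = stat.S_IMODE(os.stat(path).st_mode)

        # The write, not the open, triggers the kernel's privilege stripping
        # (file_remove_privs): without CAP_FSETID setuid is cleared, and setgid
        # is cleared as well because the group-exec bit is set.
        with open(path, "ab") as fh:
            fh.write(payload)

        after = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.unlink(path)

    return {
        "privileged": has_cap_fsetid(),
        "setuid_before": bool(before & stat.S_ISUID),
        "setgid_before": bool(before & stat.S_ISGID),
        "setuid_after": bool(after & stat.S_ISUID),
        "setgid_after": bool(after & stat.S_ISGID),
        "mode_after": oct(after),
    }


def dangerous_suid_files(paths) -> list:
    """Defender's audit: regular files that are setuid or setgid AND writable
    by group or others, the combination the post above describes.  Unreadable
    or missing paths are skipped."""
    found = []
    for p in paths:
        try:
            st = os.stat(p)
        except OSError:
            continue
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        special = mode & (stat.S_ISUID | stat.S_ISGID)
        writable = mode & (stat.S_IWGRP | stat.S_IWOTH)
        if special and writable:
            found.append((p, oct(mode)))
    return found


if __name__ == "__main__":
    report = write_and_report_suid()
    who = "a process with CAP_FSETID" if report["privileged"] else "an unprivileged user"
    print(f"writing as {who}: mode after write {report['mode_after']}, "
          f"setuid kept: {report['setuid_after']}, setgid kept: {report['setgid_after']}")
```

Run it once as a normal user and once under sudo to see the two outcomes side by side; `dangerous_suid_files` can be pointed at an `os.walk` of /usr or /var/lib to flag any world- or group-writable setuid binary that a root-owned process has already written to.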

  7. x 7

    so what mainstream distros are available now that don't use systemd? And I mean mainstream, not homebrew distros cooked up by one man and his donkey........

    1. Dazed and Confused

      RHEL/CentOS 6

      I think I loathe and despise 7 more and more with each and every passing day.

    2. Michael Felt

      systemd - the future? or just another way to boot *nix

      I have never had to deal with systemd - and I am surprised to hear there is so much division about whether it was a move forward or not.

      Before this I was thinking: for a "family" of packages built around the systemd philosophy it could be beneficial. My concern with "Linux" boot phases is mainly that every distro has come up with 'their' way to "solve" the problem of boot - and learning all of those (just as it is hard to learn all the ways that *bsd, aix, hp, solaris, etc. differ in their ways to boot the system).

      If systemd provides a way that ALL distros use the same files, same directories, etc. such that I learn one distro and can effectively administer any distro - it is a win. Without that systemd, imho, is just a new, different 'thing' that needs to be learned, researched, etc..

      In summary - I have doubts systemd will be universal to system administration.

      Have a good day everyone! Smile! and then go kick a can ;)

    3. nematoad
      Go

      Here you go.

      "so what mainstream distros are available now that don't use systemd? And I mean mainstream, not homebrew distros cooked up by one man and his donkey..."

      PCLinuxOS for one.

      Texstar has stated that he will NEVER use systemd.

    4. slack

      AFAIK Pat V doesn't own a donkey. ;)

  8. dbannon
    Happy

    So, do something !

    OK, so systemd is -

    a. Completely unusable

    b. Completely unnecessary

    c. Completely adopted by the major distros.

    So, if you systemd haters go out and make a new distro without systemd, the world will beat a path to your door. Call it deb-sansd perhaps ? You will rule the world ! You could even set up your own mailing list and "discuss" systemd there (and not here...).

    1. Charles 9

      Re: So, do something !

      "So, if you systemd haters go out and make a new distro without systemd, the world will beat a path to your door. Call it deb-sansd perhaps ? You will rule the world ! You could even set up your own mailing list and "discuss" systemd there (and not here...)."

      If that were true, why hasn't a major supplier done so and beat the haters to the punch (and the bucks)?

  9. batfastad

    Faster

    But systemd makes my server boot 2 seconds faster! After I've waited 20 minutes for "configuring memory", "updating inventory", "verifying system devices", "lifecycle controller something".

  10. PNGuinn
    Flame

    And so it starts...

    See Title.

    Version 22WHAT?? What is this supposed to be? an init system or a BLOODY BROWSER??

    Question - How many other unknown vulnerabilities are rolled up into that hairball of code?

    Burn it with fire - it's the only way.

    1. Anonymous Coward
      Anonymous Coward

      Re: And so it starts...

      And if it turns out to be fireproof?

  11. sisk

    Yet more proof

    that systemd is not yet ready for prime time.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yet more proof

      There is no timeline, prime or otherwise, that systemd is ready for. Hopefully in 5 years we can look back on systemd as merely an interesting, but misguided, experiment that failed.
