Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
In order to exploit that, the user needs access to the machine (can't be exploited through the network without logging in) AND it was already patched a year ago.
Distribution: Linux Mint, Manjaro, FreeBSD, Android
Posts: 99
Rep:
Quote:
Originally Posted by suicidaleggroll
In order to exploit that, the user needs access to the machine (can't be exploited through the network without logging in) AND it was already patched a year ago.
Yes, it's the same problem as before, and was patched a year ago.
Quote:
The issue was first introduced in the systemd source code in November 2015 and was patched two months later, in January 2016, affecting only systemd v228, and receiving a fix with the release of v229.
Quote:
The systemd project is currently at version 232. As we know Linux users and hardware vendors, it's quite possible that there are quite a few machines left around running v288.
(presumably that's a typo, it should be v228)
And from the bug report:
Quote:
A flaw in systemd v228 in /src/basic/fs-util.c ...
Quote:
Sebastian Krahmer 2017-01-18 10:50:15 UTC
Apparently upstream failed to analyze the impact of this bug and so
it was silently fixed.
Quote:
The problem seems to be in v228 only.
The issue seems to be that the impact of the bug was underestimated, so while it was fixed, it was done so silently and wasn't flagged as a major security fix, so some distro maintainers ignored it.
Last edited by suicidaleggroll; 01-24-2017 at 06:01 PM.
Distribution: Linux Mint, Manjaro, FreeBSD, Android
Posts: 99
Rep:
Quote:
Originally Posted by suicidaleggroll
The issue seems to be that the impact of the bug was underestimated, so while it was fixed, it was done so silently and wasn't flagged as a major security fix, so some distro maintainers ignored it.
In any event only now they are cleaning up the problem that I pointed out in my post about "Linux Systemd Flaw Gives Attackers Root Access"
Distribution: Linux Mint, Manjaro, FreeBSD, Android
Posts: 99
Rep:
Quote:
Originally Posted by MadeInGermany
systemd is an all-in-one solution that breaks Unix principle, i.e. it increases risks in terms of likeliness and severity.
I am awaiting the first "systemd shock"s already in 2017.
I share your same thoughts on systemd. ReaperX7, another LQ forum member, phrased it in this fashion.
Systemd is far from completed featurewise... when completed it's entire ultimate long-term goal is to completely eliminate the need for the current GNU operating system, shell interfaces, compilers, libraries, and other kernel handling toolkits. Basically put... Linux OS (or systemd-OS if you want to be technical).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
