LinuxQuestions.org
09-29-2016, 04:44 AM   #16
a4z
Senior Member

Registered: Feb 2009
Posts: 1,727

Quote:
Originally Posted by Richard Cranium View Post
Actually, you sometimes have to send it nothing multiple times to trigger the behavior.

Oh well. Not our problem.
your 'comment of the day' is unfortunately a lie,

https://github.com/systemd/systemd/c...758e07eb92b020


Quote:
Originally Posted by SCerovec View Post
wrapped in while true ?


Anyways, the bug was trivial to fix, the problem is that it was there in the first place:

it was released and probably used on publicly accessible machines ("release early, release often") for "all to see".

Who knows how many 0day exploits still lurk there?

IMO it's a textbook case of "backdoor injection" to Linux/GNU biosphere (call me a tin hat..)

you will never have bugfree software,
but why this stupid flaming in this case and not in others, kernel, bash, ssl, ... you name it.
oh, it is systemd, we do not go the normal way, report the bug, wait until it is fixed or max ... days, then go public like it is best practice and common. Oh systemd, let's behave differently, ...

so there are 2 problems, a bug in the software, easy to fix, and people not behaving rationally, unfixable
what to prefer?
 
09-29-2016, 04:44 AM   #17
ReaperX7
LQ Guru

Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,554
Blog Entries: 15

No amount of machismo can save you when a non-threatening command can be used to send the system into a death spiral using even a simple script, command insertion, or other commonly used command interface execution systems.

This isn't a virus, worm, malware, etc. It's just an example of slipshod coding and carelessness of setting limiters on command entries that could prove dangerous.

It's not the fact it can be fixed a4z, it's the fact it does exist at all, and how fast it was found, the fact it can be exploited in a live system, and how long it will take to be fixed, and then how long until distributions pick it up and push out an update or patch.

Last edited by ReaperX7; 09-29-2016 at 04:48 AM.
 
3 members found this post helpful.
09-29-2016, 05:01 AM   #18
rkelsen
Senior Member

Registered: Sep 2004
Distribution: slackware
Posts: 4,421
Blog Entries: 7

Quote:
Originally Posted by a4z View Post
your 'comment of the day' is unfortunately a lie,

https://github.com/systemd/systemd/c...758e07eb92b020
Yeah.

The key part of that is: "@niedbalski niedbalski committed with keszybz 13 hours ago"

It was fixed well after the article was published... And the fix itself speaks volumes about the mind-blowingly stupid design of this thing.
Quote:
Originally Posted by a4z View Post
you will never have bugfree software
The bugs aren't the issue. The fundamentally flawed design in combination with the attitude of the developer constitute the biggest part of this problem.

Last edited by rkelsen; 09-29-2016 at 05:04 AM.
 
6 members found this post helpful.
09-29-2016, 05:18 AM   #19
GazL
LQ Veteran

Registered: May 2008
Posts: 6,882

Quote:
Originally Posted by SCerovec View Post
Anyways, the bug was trivial to fix, the problem is that it was there in the first place:
Nah, bugs creep into things. The problem is the design itself: the assimilation of system components and especially the dbusification of system service interfaces. A little incompetence in implementation pales in comparison to the threat these present.

Anyway, until such a time as applications foolishly start relying on these dbusified services, Richard is quite correct: Paint it pink and surround it with an S.E.P. field. Having said that, taking the "Problems of others are not our concern..." line has the tendency to come back and bite you in the future.

On the whole I find myself in agreement with the gist of the article, but that's really no surprise and the underlying points raised are not in themselves new.
 
1 members found this post helpful.
09-29-2016, 05:26 AM   #20
55020
Senior Member

Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,307
Blog Entries: 4

Quote:
Originally Posted by rkelsen View Post
Yeah.

The key part of that is: "@niedbalski niedbalski committed with keszybz 13 hours ago"

It was fixed well after the article was published... And the fix itself speaks volumes about the mind-blowingly stupid design of this thing.

The bugs aren't the issue. The fundamentally flawed design in combination with the attitude of the developer constitute the biggest part of this problem.
In fact that commit was only merged within the last hour -- it was held up for eleven hours because the indentation was wrong. This is beyond satire.

Interesting that a new separate GitHub issue was created to fix the bug in. It's almost as if the cabal are too embarrassed to face up to the error.

Anyway, there is no need to troll anybody any more about this, because moot himself has spoken.

Edit: And now, naturally enough, moot's comment, which was iirc the simple words "way to go systemd", has been deleted. Nothing to see, never happened.

Last edited by 55020; 09-29-2016 at 08:06 AM.
 
3 members found this post helpful.
09-29-2016, 05:43 AM   #21
a4z
Senior Member

Registered: Feb 2009
Posts: 1,727

Quote:
Originally Posted by rkelsen View Post
Yeah.

The key part of that is: "@niedbalski niedbalski committed with keszybz 13 hours ago"

It was fixed well after the article was published... And the fix itself speaks volumes about the mind-blowingly stupid design of this thing.

The bugs aren't the issue. The fundamentally flawed design in combination with the attitude of the developer constitute the biggest part of this problem.
what a bad attitude of the developers, fixing a bug after it was reported, not before! 12h after the issue was submitted, what a scandal!

you, with your attitude, would fix the bug before it even was written, wouldn't you? mind-blowingly
and exactly what mind-blowingly stupid is may everyone decide for him/her self.
You, for example, might find your post brilliant, while I think pointing at a bug that got a fix submitted in 12h and talking about developer attitude is mind-blowingly.
 
1 members found this post helpful.
09-29-2016, 05:51 AM   #22
55020
Senior Member

Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,307
Blog Entries: 4

Quote:
Originally Posted by a4z View Post
you, with your attitude, would fix the bug before it even was written, wouldn't you?
*Yes*

What part of "fail safe" do you not understand?

Edit: Let's repeat montagdude's post #9, which answered your post before it even was written:

Quote:
Originally Posted by montagdude View Post
The purpose of the article was not to point out that there are bugs, but to explain that the design makes these (or any) bugs potentially very critical. Good software would be designed such that any failures would be as isolated from the rest of the system and limited in scope as possible, but systemd is designed in exactly the opposite way. You should just read it, because the author explained that much better than I could.

Last edited by 55020; 09-29-2016 at 06:04 AM.
 
4 members found this post helpful.
09-29-2016, 05:53 AM   #23
rkelsen
Senior Member

Registered: Sep 2004
Distribution: slackware
Posts: 4,421
Blog Entries: 7

Quote:
Originally Posted by 55020 View Post
In fact that commit was only merged within the last hour -- it was held up for eleven hours because the indentation was wrong. This is beyond satire.
Hahaha!

You couldn't make it up...
 
1 members found this post helpful.
09-29-2016, 06:41 AM   #24
kikinovak
MLED Founder

Registered: Jun 2011
Location: Montpezat (South France)
Distribution: CentOS, OpenSUSE
Posts: 3,453

Quote:
Originally Posted by SCerovec View Post
wrapped in while true ?
Here you go. Wrapped the whole thing in a while-true-loop.

All I get is a "Connection refused" statement. Everything still works perfectly.

Cheers,

Niki

Edit: no, nothing works perfectly. Looks like the whole system went down the drain. Took me a while to notice. See message below.
Attached Thumbnails: crash-system-01.png, crash-system-02.png

Last edited by kikinovak; 09-29-2016 at 07:23 AM.
 
2 members found this post helpful.
09-29-2016, 07:08 AM   #25
55020
Senior Member

Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,307
Blog Entries: 4

Niki, what version of systemd are you running on CentOS? At least one person has replicated this bug on CentOS 7 with systemd-219 which afaict is the current version on fully patched CentOS 7. The bug was introduced with commit d875aa8, which is tagged v219..v231.
 
09-29-2016, 07:21 AM   #26
kikinovak
MLED Founder

Registered: Jun 2011
Location: Montpezat (South France)
Distribution: CentOS, OpenSUSE
Posts: 3,453

Quote:
Originally Posted by 55020 View Post
Niki, what version of systemd are you running on CentOS? At least one person has replicated this bug on CentOS 7 with systemd-219 which afaict is the current version on fully patched CentOS 7. The bug was introduced with commit d875aa8, which is tagged v219..v231.
Uh oh. System does not work perfectly, as I stated initially. Becoming root using su - suddenly takes ages, and systemctl poweroff just times out. This looks indeed like a nasty systemd bug, where any normal user can bring the whole system down on its knees.
 
09-29-2016, 11:35 AM   #27
Richard Cranium
Senior Member

Registered: Apr 2009
Location: McKinney, Texas
Distribution: Slackware64 15.0
Posts: 3,858

Quote:
Originally Posted by a4z View Post
what a bad attitude of the developers, fixing a bug after it was reported, not before! 12h after the issue was submitted, what a scandal!

you, with your attitude, would fix the bug before it even was written, wouldn't you? mind-blowingly
and exactly what mind-blowingly stupid is may everyone decide for him/her self.
You, for example, might find your post brilliant, while I think pointing at a bug that got a fix submitted in 12h and talking about developer attitude is mind-blowingly.
Your English is difficult to parse even when you aren't upset; I really don't see why you have an emotional response to people pointing out errors and flaws in systemd. Are you married to it or something?


In any event, there are things called unit tests and code coverage metrics that are used in professional software development environments to catch such issues before they hit the field. I'll point out that the Red Hat team that writes systemd is supposed to consist of software professionals (they are paid to write that stuff, aren't they?).

We can also talk about use cases and other ways to ensure that you've covered the various possibilities.

What I find astonishing about this particular bug was that it was triggered by the most obvious edge case of them all: empty input. I'll also add that since it was non-deterministic how many times that you had to write the empty input to provoke the failure, then there is an implication of some deeper issue with the handling of data between and during requests (normally around thread access of some shared data structure).

I've been writing software since 1976 and have been paid to do it since 1995. An error like this would be easy to imagine making it to the field in the 1980's. The world of software practices and testing has come a long way since then.
 
2 members found this post helpful.
09-29-2016, 11:39 AM   #28
Richard Cranium
Senior Member

Registered: Apr 2009
Location: McKinney, Texas
Distribution: Slackware64 15.0
Posts: 3,858

Quote:
Originally Posted by a4z View Post
your 'comment of the day' is unfortunately a lie
"Lie" has a specific meaning. Reconsider your choice of words.
 
09-29-2016, 12:23 PM   #29
RadicalDreamer
Senior Member

Registered: Jul 2016
Location: USA
Distribution: Slackware64-Current
Posts: 1,816

I'm not sure what this has to do with Slackware at the present moment. If Slackware ever goes systemd a couple of decades from now I hope all severe bugs are worked out by then. I'm curious what Google will use with Fuchsia and Magenta (the Linux killer?).

I'm also not sure why there is a heated argument regarding systemd's efficacy? If half of the internet goes down we will know systemd has a problem.

Last edited by RadicalDreamer; 09-29-2016 at 02:01 PM.
 
09-29-2016, 12:31 PM   #30
a4z
Senior Member

Registered: Feb 2009
Posts: 1,727

Quote:
Originally Posted by Richard Cranium View Post
"Lie" has a specific meaning. Reconsider your choice of words.
ok, what about: you made a somehow for some funny comment but it was provable not the truth.
is this better?
thanks for the English election, as a non native English speaker I appreciate help with the English language
 