[sf-lug] systemd and memory corruption...

Rick Moen rick at linuxmafia.com
Tue Jan 22 20:35:14 PST 2019


Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> Hi LUGers,
> 
>     Well some of knew in our hearts that systemd was
> an evil scheme.  ;^)    I found this on the Usenet in a
> Linux newsgroup, comp.os.linux.misc.  ;^|
> 
> <https://www.bleepingcomputer.com/news/security/linux-systemd-affected-by-memory-corruption-vulnerabilities-no-patches-yet/>
> 
>     I haven't had time to read the full article at the site.
>     Rick can probably comment better than I on the article
> and its assertions.

You actually posted the very same story, with the very same URL, on
January 10th.  At the time, I was, in a brief fit of delirious optimism,
hoping someone else would make the obvious observation -- that it's
fundamentally and horribly wrong that it should _ever_ be possible to 
not only send remote network data to a system logger daemon
(systemd-logind.service) and corrupt memory but also thereby gain remote
control of a root-user shell.  That whether or not this abject security
failure got 'fixed' was trivia compared to the vital point that this
should not have been possible in the first place.

And: nope.

Sure enough, there were a couple of interesting follow-ups, e.g.,
Michael P. commented on the core systemd init's carefree assumption
that the running init must be system _without checking_ that this was
true, leading to 'all hell breaking loose' when the newly arrived
systemd software shot PID#1 (SysVInit) in the head and took its place
as PID#1 (grimly amusing to contemplate, albeit ghastly).

The only other comment was Ken Shaffer saying a day later tat Ubuntu had
security patces out -- but nobody went for the obvious takeaway.

I don't like to harp on that matter, especially if, as seems likely,
people here really don't want to hear the message, and so phrased it an
entirely different way, by quoting *ix security expert Marcus Ranum:


  One clear symptom that you've got a case of "Penetrate and Patch" is
  when you find that your system is always vulnerable to the "bug of the
  week."  It means that you've put yourself in a situation where every time
  the hackers invent a new weapon, it works against you.  Doesn't that
  sound dumb?  Your software and systems should be secure by design and
  should have been designed with flaw-handling in mind.
                                      -- Marcus J. Ranum
  http://www.ranum.com/security/computer_security/editorials/dumb/


  Patching shows an acceptance that the administrator has not 
  _solved the problem_ - it shows an acceptance that you have signed up 
  for an endless war that you cannot win.  Master Sun might say it 
  indicates you are stupid or, at the very least, hammered into stupidity 
  by the constant stream of vulnerabilities in mission critical-software. 
  It should be pretty obvious that constantly upgrading mission critical 
  software is a _bad_ idea from a systems-reliability standpoint, too.
                                      -- Marcus J. Ranum
  http://www.ranum.com/security/computer_security/editorials/master-tzu/


Ranum's point (elaborated on at the two links provided) is that, once
you assess a security-sensitive system as just fundamentally _bad_,
beset with security bugs that should never have existed at all, it's
past time to stop 'fixing' that software, and instead get rid of it.



More information about the sf-lug mailing list