That is all.
To obtain root privileges on a Linux distribution that utilizes systemd for initialization, start with an invalid user name in the systemd.unit file. Linux usernames are not supposed to begin with numbers, to avoid ambiguity between numeric UIDs and alphanumeric user names. Nevertheless, some modern Linux distributions, like …
This is classic Poettering. "I never make mistakes, if it doesn't work you must be doing something wrong". Too many of the Systemd "team" think the same way.
Does anyone remember this previous el Reg story? https://www.theregister.co.uk/2014/04/05/torvalds_sievers_dust_up/
Here's Linus Torvalds firing a torpedo at Systemd developer Kay Sievers after a Systemd bug made Linux systems unbootable and the Systemd "team" refused to fix it, saying that everyone else had to rewrite their code to work around it because Systemd was perfect:
"Key, [sic] I'm f*cking tired of the fact that you don't fix problems in the code *you* write, so that the kernel then has to work around the problems you cause," Torvalds fumed, adding that he wouldn't merge any more of Sievers' code into the kernel until he cleans up his act.
As we can see, nothing has really changed since that was written in 2014.
Nevertheless, some modern Linux distributions, like RHEL7 and CentOS, allow this.
Red Hat you say? That place where Poettering works?
As you say, fucking Poettering.
OK this guy sounds like the classic "My code is soooo precious" programmer but why do these (and only these) distros do this?
Does systemd do it to be compatible with them?
Under what circumstances is this behavior actually useful?
I can't think of a reason, other than someone cocked up development and others are playing follow-the-leader but is that the case?
It doesn't matter if it's useful or not, it's used in some distributions and systemd should be able to cope with it.
And someone at Red Hat should remind him who he works for and force him to open that bug again and fix it as otherwise it's a potential security problem on their own OS.
I remember trying to get support on the pulse audio mailing list - another of his fine creations, and being told (by Lennart) it was buggy alsa drivers that were at fault, not pulse audio so I should take up my problems with the alsa development team.
The alsa drivers were obviously fine, the problem was in pulse (admittedly in an early incarnation) but the attitude was already there.
There's an easy explanation for why it behaves this way. It's for the special super users 5eyes and 4NSAonly.
Just one icon? Ok, I'll go with this one.
"but the attitude was already there."
Could Poettering be an MS deep cover agent?
Could Poettering be an MS deep cover agent?
Lemme see... Buggy code with potentially significant security flaws? Check
Horrible attitude towards others? Check
Utter refusal to fix bugs? Check
Arrogant fuckwit who thinks he is God's gift rather than satan's diarrhea? Check
Nah, couldn't possibly be...
You left off the bit where Systemd looks and acts an awful (and I do mean Awful!) lot like the Windows registry; what with binary configuration files and logs that need the program itself to read them.
So if Systemd* crashes, it writes to a binary log, which requires Systemd* to load up to read the logs - What could go wrong?
*or the bits o' windows that read/handle the Registry
Well, the company he works for is said to be a major vendor of commercial Linux support. You don't really expect him to remove a potential for revenue income, do you?
"So if Systemd* crashes, it writes to a binary log, which requires Systemd* to load up to read the logs - What could go wrong?"
Now, now... you just need to adapt to the new way of Linux'ing. No need to be critical ;)
It will only be a few months before the Samba stack gets imported into systemd and after that you can easily access those logs right after booting with your trusty Windows 10 environment.
"the project's refusal to address it has frustrated users and developers"
And THAT right there, more than anything, even more than the creeping featurism of systemd itself, is the reason people hate it.
Poettering's arrogance is the reason the "project" refuses to address it. He will insist that clear, replicable bugs aren't actually bugs and that people are just using it wrong.
We're past microsoft and into Apple territory now. "It just works", as long as you hold it right.
Much to my surprise I find myself defending Apple against the slur on its name. Apple is NOT as loathsome as Lennart Poettering.
I'll drink to that.
This is a more generic problem in the open source community. People creating things as a hobby who just don't quite 'get' all those older principles us grey hairs used to live by and enterprises, anybody with a connection to the wild internet really, have to live by - like the principle of least privilege, like fail-safe over fail-soft (which may mean not being so forgiving about bad input!), like learning from the mistakes of others rather than continually choosing to repeat them yourself (to be fair this one is much more widespread than the FOSS community) and the list goes on.
implies Poettering is a clueless amateur, I take it. no argument from me!
I particularly dislike the use of 'exceptions' rather than checking return values. It seems to be worse coming from the Python crowd...
It would be nice to run these clueless amateurs through a 'programming boot camp' where you ONLY get to code in 'C', and you MUST check buffer sizes and return values for things like "the file wasn't opened" and "attempting to overflow the buffer".
(and of course, check that the username is a VALID user name, and don't assume root privs when it's *NOT*)
yeah, I'd have a clue-bat, a clue-by-four, and a cat-5-o-nine-tails ready at all times
Well Mr fucking anon, please feel free to avail us of your wisdom ...
I'll happily put my name to 25+ years ...
People choose to post anonymously for a variety of reasons. For me, for example (and I am not the original AC you were so kindly responding to), the main reason for staying anonymous is people like you: when they don't like the message, they immediately proceed to flog, skin, and then shoot the messenger.
If you really have something to say, then kindly do so; if not, nobody here really cares how long you have been a system administrator or whether you are happy about it.
must return values for things like "the file wasn't opened" and "attempting to overflow the buffer
Any other good ideas from the medieval era?
WOW, basic input validation seen as medieval era....
The difference between wisdom and knowledge.
Knowledge is knowing a tomato is a fruit.
Wisdom is not putting it in a fruit salad.
I'm not the original AC but thought it would be good to explain. I also have 25+ years of eating tomatoes so I think that qualifies me to post nothing on the subject of the article other than to bask in the glory of my tomato knowledge.
It would be nice to run these clueless amateurs
out on a rail, with tar and feathers added
I have 50+ years of growing, harvesting, eating and preserving tomatoes. And over 40 years of coding in the un*x environment. I think I'm perfectly qualified to throw rotten tomatoes in the general direction of the systemd devs.
"Any other good ideas from the medieval era?"
The Iron Maiden - with Poettering inside it?
p.s. SystemD now has an emoji :- U-1F4A9
What do you mean it's taken?
I'll happily put my name to 25+ years of happy sysadmining of Windows and Unix systems.
Ah, you're the one who keeps screwing up and giving us a bad name. Good. Now we know. Just because you've been doing it for years doesn't automatically mean you know how to do it well - not everyone is capable of sufficient self-evaluation to improve.
If there is one thing you should overcome, it is your need to see a name next to a comment. Judge the comment, not the person. Quite a number of us post here anon because we are happy to share our insight (such as it is, I don't call it that on a Monday morning) but not prepared to jeopardise our work or expose our companies/employers/staff to self righteous idiots if we say something that must be said but is controversial.
A lot of good things started in the medieval period. The rule of law, human rights, better farming, universities and distillation. OK, not so many comp-sci inventions.
"I'll happily put my name to 25+ years of happy sysadmining of Windows and Unix systems."
I am guessing that is far more windows than unix experience.
If you are happy with systemd then it could be said that all you will only ever be is a windows admin, or "user" as they used to be known.
I'm perfectly qualified to throw rotten tomatoes
Why are your tomatoes rotten?
(general comment, no longer @jake)
Systemd seems to me to represent convergence of Linux (at least the mainstream) with Windows. And not in a good way (no comment on whether a good way exists).
[a clueless amateur for the purposes of the troll, and a software professional since 1983]
Isn't not checking and acting properly on return values part of this very bug?
Yeah, I'm going to consider this a bad user ID so I'm not going to change to it, I'll carry on as root as I can't stop as I'm booting the system, so I'll just stick a warning in the log and hope that somebody reads it.
Later when somebody files a bug report...
ITS THERE BAD SOFTWARE!!!!11!11!1
I mean he works for the same employer that makes Red Hat (which considers it a good user ID), FFS.
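The failure mode argued over in the comments above (a rejected `User=` value that is logged and ignored, leaving the service running as root), next to a fail-closed alternative. This is an added example, not systemd's code and not part of any comment; the function names, the sample values and the conservative naming rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical outcome of parsing a unit's User= value. */
enum user_result { USER_NAME, USER_NUMERIC_UID, USER_REJECTED };

/* Assumed conservative rule: [a-z_][a-z0-9_-]*, optional trailing '$', 1..31 chars. */
static int valid_name(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 31) return 0;
    if (!(islower((unsigned char)s[0]) || s[0] == '_')) return 0;
    for (size_t i = 1; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (islower(c) || isdigit(c) || c == '_' || c == '-') continue;
        if (c == '$' && i == n - 1) continue;
        return 0;
    }
    return 1;
}

enum user_result classify_user(const char *s) {
    size_t digits = strspn(s, "0123456789");
    if (digits > 0 && s[digits] == '\0') return USER_NUMERIC_UID; /* all digits: a UID */
    return valid_name(s) ? USER_NAME : USER_REJECTED;
}

/* Fail-open: a rejected value is only warned about, so no privilege drop happens. */
int start_fail_open(const char *user, int *runs_as_root) {
    *runs_as_root = (classify_user(user) == USER_REJECTED);
    return 1; /* service starts regardless */
}

/* Fail-closed: a rejected value is a hard error and the service does not start. */
int start_fail_closed(const char *user, int *runs_as_root) {
    *runs_as_root = 0;
    return classify_user(user) != USER_REJECTED;
}

int main(void) {
    const char *samples[] = { "www-data", "1000", "7app", "" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ro, rc;
        int so = start_fail_open(samples[i], &ro), sc = start_fail_closed(samples[i], &rc);
        printf("User=%-9s fail-open: started=%d root=%d | fail-closed: started=%d root=%d\n",
               samples[i], so, ro, sc, rc);
    }
    return 0;
}
```

Which names count as valid is a policy choice that differs between distributions; the security-relevant part is that a rejected value stops the unit instead of silently dropping the directive.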
Where did I say my tomatoes were rotten?
The problem is he is not doing it as a hobby, he is a fulltime and presumably well-paid employee of a $16B company where he does this for a living.
Bob, one day those liberal values of yours will be the death of you.
All the validation goes in the web page. Like, duh!
Then perhaps you can explain the benefits of this "feature" ?
Most people seem to view it as a bug, so why isn't it?
but you missed the most important
"A lot of good things started in the medieval period"
That's nothing compared to the Roman times.
'I particularly dislike the use of 'exceptions' rather than checking return values.'
I'll take structured exception handling over return values all day thank you. Especially if the return value includes the evil of GetLastError
Brewing started long before the Medieval period.
Maybe he misunderstands the robustness principle
But I'm being far too generous there
>>"A lot of good things started in the medieval period"
That's nothing compared to the Roman times.
Why, what did the Romans ever do for us?
The lack of exceptions is one of the reasons that makes C code so fragile and vulnerable. Even after you checked return codes you may have issues properly handling (i.e. freeing resources) and propagating errors without exceptions, usually needing a lot more fragile code and hacks (like gotos).
A small error, and code will keep on happily running in an unstable state, often creating exploitable vulnerabilities. There is also the need to propagate error information, which in C requires the use of some static data somewhere, and additional "geterror" calls, hoping they were made thread-safe.
C++ didn't address the issue fully because of its obsession for RAII (which led to the need of smartpointers - another hack needed to solve a design issue, but not everybody understands and uses them properly). That's why we see lots of vulnerabilities around in C/C++ code.
Then there are many ways to use exceptions the wrong way as well.
But it's only amateurs that believe C is the perfect language, and it was created as such.
You mean besides crappy fonts? You might want to watch "The Life of Brian" as this topic is well covered in the movie.
No, it's clueless return values which are from a medieval era. The "file was not open". Nice. But why it wasn't opened? Was it an RTL error? Was it an OS error? If it was an OS error, what was the original OS error? Do I have a chance to retry it, or not?
The issue with simple return values is they are "monodimensional" and may lose information along the way.
My best practice is "if you can add information to an error, but never remove from". So if a deeply nested routine encounters an OS I/O error, for example, it needs to pass this error to its callers, which may add more information, to allow the higher level one to understand what it could do with the error.
Ehm, the rule of law started a little before. Hammurabi could tell something, and the Roman law formed the basis for the rule of law in Europe.
Universal human rights are a product of Enlightenment, medieval people and religions were fully satisfied with slavery, castes, sentencing free thinkers, etc. etc.
It's fermentation, like wine. Not distillation.
If you really have something to say, then kindly do so; if not, nobody here really cares how long you have been a system administrator or whether you are
one at all.
I stand corrected.
Well actually I'll be slumping down but it's much the same.
Biting the hand that feeds IT © 1998–2017