The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 …

  1. Oh Homer
    Linux

    Meh

    As anyone who bothers to read my comments (BTW "hi" to both of you) already knows, I despise systemd with a passion, but this one is more an IPv6 problem in general.

    Yes this is an actual bug in networkd, but IPv6 seems to be far more bug prone than v4, and problems are rife in all implementations. Whether that's because the spec itself is flawed, or because nobody understands v6 well enough to implement it correctly, or possibly because there's just zero interest in making any real effort, I don't know, but it's a fact nonetheless, and my primary reason for disabling it wherever I find it. Which of course contributes to the "zero interest" problem that perpetuates v6's bug prone condition, ad nauseam.

    IPv6 is just one of those tech pariahs that everyone loves to hate, much like systemd, albeit fully deserved IMO.

    Oh yeah, and here's the obligatory "systemd sucks". Personally I always assumed the "d" stood for "destroyer". I believe the "IP" in "IPv6" stands for "Idiot Protocol".

    1. Anonymous Coward

      Re: Meh

      "nonetheless, and my primary reason for disabling it wherever I find it. "

      The very first guide I read to hardening a system recommended disabling services you didn't need and emphasized IPV6 for the reasons you just stated.

      Wasn't there a bug in Xorg reported recently as well?

      https://www.theregister.co.uk/2018/10/25/x_org_server_vulnerability/

      "FreeDesktop.org Might Formally Join Forces With The X.Org Foundation"

      https://www.phoronix.com/scan.php?page=news_item&px=FreeDesktop-org-Xorg-Forces

      Also, does this mean that Facebook was vulnerable to attack, again?

      "Simply put, you could say Facebook loves systemd."

      https://www.phoronix.com/scan.php?page=news_item&px=Facebook-systemd-2018

      1. Anonymous Coward

        Re: Meh

        Was going to say the same thing, and I disable IPv6 for the exact same reason. IPv6 code isn't as well tested, as well audited, or as well targeted looking for exploits as IPv4. Stuff like this only proves that it was smart to wait, and I should wait some more.

      2. bombastic bob Silver badge
        Devil

        The gift that keeps on giving (systemd) !!!

        This makes me glad I'm using FreeBSD. The Xorg version in FreeBSD's ports is currently *slightly* older than the Xorg version that had that vulnerability in it. AND, FreeBSD will *NEVER* have systemd in it!

        (and, for Linux, when I need it, I've been using Devuan)

        That being said, the whole idea of "let's do a re-write and do a 'systemd' instead of 'system V init' because WE CAN and it's OUR TURN NOW, 'modern' 'change for the sake of change' etc." kinda reminds me of recent "update" problems with Win-10-nic...

        Oh, and an obligatory Schadenfreude laugh: HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA HA!!!!!!!!!!!!!!!!!!!

        1. Long John Brass

          Re: The gift that keeps on giving (systemd) !!!

          Finally got all my machines cut over from Debian to Devuan.

          Might spin a FreeBSD system up in a VM and have a play.

          I suspect that the infestation of stupid into the Linux space won't stop with or be limited to SystemD. I will wait and watch to see what damage the re-education gulag has done to Sweary McSwearFace (Mr Torvalds)

        2. Anonymous Coward

          Re: The gift that keeps on giving (systemd) !!!

          Newer does not automatically mean better, but lennyP didn't seem to get that memo

    2. Jay Lenovo

      Re: Meh

      IPv6 and SystemD: Forced industry standard diseases that require most of us to bite our lips and bear it.

      Fortunately, IPv6 by lack of adopted use, limits the scope of this bug.

      1. vtcodger Silver badge

        Re: Meh

        Fortunately, IPv6 by lack of adopted use, limits the scope of this bug.

        Yeah, fortunately IPv6 is only used by a few fringe organizations like Google and Microsoft.

        Seriously, I personally want nothing to do with either systemd or IPv6. Both seem to me to fall into the bin labeled "If it ain't broke, let's break it" But still it's troubling that things that some folks regard as major system components continue to ship with significant security flaws. How can one trust anything connected to the Internet that is more sophisticated and complex than a TV streaming box?

        1. Anonymous Coward

          Re: Meh

          How can one trust anything connected to the Internet that is more sophisticated and complex than a TV streaming box?

          Short answer? I don't. Everything I have any sort of trust around never gets to see anything from the Internet, even indirectly. Yes, I understand pretty much the rest of the planet doesn't have that option. I'm also one of those people that happily lives without a smart phone. Really any phone. I can, most can't.

        2. A.P. Veening Silver badge

          Re: Meh

          "How can one trust anything connected to the Internet that is more sophisticated and complex than a TV streaming box?"

          Frankly, I don't trust that TV streaming box either, who knows what it is reporting back and to whom?

    3. Nate Amsden

      Re: Meh

      Count me in the camp of who hates systemd(hates it being "forced" on just about every distro, otherwise wouldn't care about it - and yes I am moving my personal servers to Devuan, thought I could go Debian 7->Devuan but turns out that may not work, so I upgraded to Debian 8 a few weeks ago, and will go to Devuan from there in a few weeks, upgraded one Debian 8 to Devuan already 3 more to go -- Debian user since 1998), when reading this article it reminded me of

      https://www.theregister.co.uk/2017/06/29/systemd_pwned_by_dns_query/

      1. Sven Coenye

        Re: Meh

        FYI, there may be pain on the Debian Jessie -> Devuan Jessie -> Devuan ASCII path.

        There are no issues with a clean install but an upgrade may result in mixing parts of consolekit and elogind. It was reported during testing but things are not entirely resolved. My Xfce lost the reboot/shutdown controls and from the CLI, a shutdown hangs at "Will now halt". Been digging into it since the upgrade, but no success yet.

        1. Doctor Syntax Silver badge

          Re: Meh

          "FYI, there may be pain on the Debian Jessie -> Devuan Jessie -> Devuan ASCII path."

          Providing you've got /home and as many of /opt, /usr/local and /srv that you use on their own partitions why not go for a clean reinstall?

          1. bombastic bob Silver badge
            Devil

            Re: Meh

            clean reinstall, or at least home dirs from a tarball backup.

            If the only things you're really re-installing are system stuff and configs [that will need re-doing anyway], might as well go for it. I've done this route a few times over the years, even when cloning a system onto other boxen or into VMs. works for me. Also works to clean install "that way" when replacing a hard drive.

            /me notes that when you've replaced a hard drive more than once on the same box, it reflects the age of your hardware. Some Most of mine dates back to mid-to-late noughties.

          2. onefang
            Boffin

            Re: Meh

            "Providing you've got /home and as many of /opt, /usr/local and /srv that you use on their own partitions why not go for a clean reinstall?"

            Not so much on their own partition, but backed up elsewhere is what I did, on my desktop and remote server. I wrote a script that started with -

            debootstrap --arch amd64 --variant=minbase ascii /devuan http://deb.devuan.org/merged

            Note the minbase, which when combined with 'APT::Install-Recommends "0"; ' makes for a very clean install.

            1. Doctor Syntax Silver badge

              Re: Meh

              "debootstrap --arch amd64 --variant=minbase ascii /devuan http://deb.devuan.org/merged"

              My idea of a clean reinstall is boot from optical drive/USB stick, reformat and install.

    4. Dan 55 Silver badge

      Re: Meh

      I despise systemd with a passion, but this one is more an IPv6 problem in general.

      Not really, systemd has its tentacles everywhere and runs as root. Exploits which affect systemd therefore give you the keys to the kingdom.

      1. Orv Silver badge

        Re: Meh

        Not really, systemd has its tentacles everywhere and runs as root.

        Yes, but not really the problem in this case. Any DHCP client is going to have to run at least part of the time as root. There's not enough nuance in the Linux privilege model to allow it to manipulate network interfaces, otherwise.

        1. Long John Brass
          Linux

          Re: Meh

          Yes, but not really the problem in this case. Any DHCP client is going to have to run at least part of the time as root. There's not enough nuance in the Linux privilege model to allow it to manipulate network interfaces, otherwise.

          Sorry but utter bullshit. You can, if you are so inclined, use the Linux Capabilities framework for this kind of thing. See https://wiki.archlinux.org/index.php/capabilities

        2. Anonymous Coward

          Re: Meh

          "Yes, but not really the problem in this case. "

          It is _the_ problem.

          "Any DHCP client is going to have to run at least part of the time as root. "

          Technically true but still a lie. Systemd runs as root _all the time_ and manages whole system, not just network configuration.

          DHCP client runs as a root the milliseconds it needs for adjusting network configuration. Nothing more and claiming it's the same thing is a blatant lie.

    5. Brewster's Angle Grinder Silver badge

      Re: Meh

      But how long has IPv4 been around? I'm not sold on IPv6, but any new technology is going to face a bedding in period as we get to grips with it. Nobody will "understand [IPv6] well enough to implement it correctly" until people have been out there and implemented it incorrectly. And that's true of any IPv4 replacement - good, bad, or IPv6.

    6. Anonymous Coward

      Re: Meh

      This has nothing to do nor with IPv6 nor even SystemD - it's another developer copying arbitrary data into arbitrary buffers without a clue about what he's doing (and I'm sure he's male) and thereby without any proper check - because someone told him Unix and C are acts of some kind god and can't be broken nor they will ever have bugs. As this event underlines.

      I had problem with other Linux DHCP library - IPv4 included , especially on embedded systems, as soon as the DHCP server returned more options than what the developer thought was "common" - and thereby allocated too small buffers and blindly copied data within. Bad developers don't work for Microsoft only.

      As an old friend of mine often said - "never trust input" - and often means your own brain input...
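The "never trust input" point in the comment above, as an added C example (not part of the thread and not systemd's code): a DHCPv6 option walker that checks each declared option length against both the bytes left in the packet and the destination buffer before copying. The function name, return codes and sample packets are constructed for illustration; the wire layout (4-byte header, then options with a 2-byte code and 2-byte length) is the standard DHCPv6 one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCP6_HDR_LEN     4  /* msg-type (1 byte) + transaction-id (3 bytes) */
#define DHCP6_OPT_HDR_LEN 4  /* option-code (2 bytes) + option-len (2 bytes) */

/* Hypothetical return codes for this example. */
enum { OPT_OK = 0, OPT_NOT_FOUND = -1, OPT_TRUNCATED = -2, OPT_TOO_BIG = -3 };

/* Constructed sample: Reply with option 1 (4 bytes) and option 2 (2 bytes). */
static const uint8_t sample_ok[] = {
    0x07, 0x01, 0x02, 0x03,
    0x00, 0x01, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef,
    0x00, 0x02, 0x00, 0x02, 0xaa, 0xbb
};
/* Constructed sample: option 2 claims 256 bytes but only 2 follow. */
static const uint8_t sample_lying[] = {
    0x07, 0x01, 0x02, 0x03,
    0x00, 0x02, 0x01, 0x00, 0xaa, 0xbb
};

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);  /* network byte order */
}

/* Copy the first option with code `want` into dst (capacity dst_cap).
 * Nothing is copied unless the length fits the packet AND the buffer. */
int dhcp6_copy_option(const uint8_t *pkt, size_t pkt_len, uint16_t want,
                      uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (pkt_len < DHCP6_HDR_LEN)
        return OPT_TRUNCATED;

    size_t off = DHCP6_HDR_LEN;
    while (off < pkt_len) {
        if (pkt_len - off < DHCP6_OPT_HDR_LEN)
            return OPT_TRUNCATED;           /* partial option header */
        uint16_t code = rd16(pkt + off);
        size_t len = rd16(pkt + off + 2);
        off += DHCP6_OPT_HDR_LEN;

        if (len > pkt_len - off)
            return OPT_TRUNCATED;           /* sender lied about the length */
        if (code == want) {
            if (len > dst_cap)
                return OPT_TOO_BIG;         /* would overflow our buffer */
            memcpy(dst, pkt + off, len);
            *out_len = len;
            return OPT_OK;
        }
        off += len;                         /* safe: len <= pkt_len - off */
    }
    return OPT_NOT_FOUND;
}

int main(void)
{
    uint8_t buf[8];
    size_t n = 0;
    printf("valid option 2:      %d\n",
           dhcp6_copy_option(sample_ok, sizeof sample_ok, 2, buf, sizeof buf, &n));
    printf("option 1 into 2B:    %d\n",
           dhcp6_copy_option(sample_ok, sizeof sample_ok, 1, buf, 2, &n));
    printf("lying length field:  %d\n",
           dhcp6_copy_option(sample_lying, sizeof sample_lying, 2, buf, sizeof buf, &n));
    return 0;
}
```

All subtraction is done on the "bytes remaining" side (`pkt_len - off`) so an attacker-chosen length can never wrap the offset.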

      1. JohnFen

        Re: Meh

        "someone told him Unix and C are acts of some kind god and can't be broken nor they will ever have bugs."

        Said no one, ever.

    7. MacroRodent

      Re: Meh

      > but IPv6 seems to be far more bug prone than v4, and problems are rife in all implementations.

      That is simply because it is currently less used. Bugs of this nature plagued IPv4 previously, before extensive usage sanded its edges. I remember reporting a somewhat similar IPv4 dhcpd problem to Red Hat about 15 years ago. Not as serious, it was a case of the server failing to recognize a packet that was correct according to the specs. In that time-frame, you could blow up just about any IPv4 service with malformed packets.

    8. Ima Ballsy
      Unhappy

      Re: Meh

      Systemd - The demon spawn of hell from Red Hack .....

      1. I ain't Spartacus Gold badge
        Devil

        Re: Meh

        Systemd stories always have an unfortunate mental association for me. Perhaps for anyone else who's read 'A Scanner Darkly' by Philip K Dick as well? Substance D being the nasty drug they're trying to investigate in that magnificently paranoid book - Dick's best in my opinion. Substance D, as in D for Death.

        So perhaps all the anti Systemd people should send undercover detectives to infiltrate the heart of the supply network - and then execute all those responsible? Or is that going a touch far?

        1. streaky

          Re: Meh

          People who don't like systemd are autists. There's absolutely nothing wrong with it, you just can't deal with change - even when it's for the better - probably all run 32bit boxes and cried like babies about itanium; despite the fact it's a better arch.

          1. Anonymous Coward

            Re: Meh

            "People who don't like systemd are autists"

            Lennart, what have we told you about making sock-puppet accounts?

          2. Anonymous Coward

            Re: Meh

            "People who don't like systemd are autists. There's absolutely nothing wrong with it, you just can't deal with change"

            Sorry buddy, but that's retarded and the supporters are too. There's nothing but faults in it, starting from the "Lennart-boy wants to manage every-fucking-thing" -attitude. While he obviously isn't able to do that. but that's personal, not really important.

            His attitude to users with 30 years more experience in maintenance he'll ever get?

            *They don't know anything*

            That's a paddlin': Egomaniac fucking everything just because he likes it, not for any actual reason.

            What is important is that a change from manageable to binary blob no-one understands, not even Lennart himself, running as root all the time and having its tentacles everyfuckingwhere_is not what we want_.

            No-one except Lennart himself wanted that and even he just because of gigantic ego, not for any real reason.

            First rule of good programming is always KISS.

            There hasn't been anyone for a long time who has been wiping their collective asses with that rule as systemd-idiots, Lennart specifically, and they will fail eventually as it is already totally unmanageable piece of shitty spaghetti code, which no-one has ever really understood. Not even Lennart, no matter how much he boasts about it.

            KISS is the rule you can't beat. No-one has and I'm quite sure no-one will. No matter how much you feel like a wizard or believe other people being.

  2. JohnFen

    Yay for me

    "If you run a Systemd-based Linux system"

    I remain very happy that I don't use systemd on any of my machines anymore. :)

    "others within the Linux world seem to still be less than impressed with Systemd"

    Yep, I'm in that camp. I gave it a good, honest go, but it increased the amount of hassle and pain of system management without providing any noticeable benefit, so I ditched it.

    1. asdf

      Time to troll

      Bah any system that comes with bash in the base install isn't a proper UNIX system. SystemD is just the cherry on the crap sundae that is Linux in general. You think you are rebelling but Red Hat killed POSIX all the same.

      1. jake Silver badge

        Re: Time to troll

        Bad troll. No cookie.

      2. onefang

        Re: Time to troll

        "Bah any system that comes with bash in the base install isn't a proper UNIX system."

        It's entirely possible to have a Linux system without bash. Just like it's entirely possible to have a Linux system without any GNU in it. You can even do both at once. It might even be fairly common.

        1. ElReg!comments!Pierre

          Re: Time to troll

          > Just like it's entirely possible to have a Linux system without any GNU in it

          Just like it's possible to have a GNU system without Linux on it - ho well as soon as GNU MACH is finally up to the task ;-)

          On the systemd angle, I, too, am in the process of switching all my machines from Debian to Devuan but on my personal(*) network a few systemd-infected machines remain, thanks to a combination of laziness from my part and stubborn "systemd is quite OK" attitude from the raspy foundation. That vuln may be the last straw : one of the aforementioned machines sits on my DMZ, chatting freely with the outside world. Nothing really crucial on it, but I'd hate it if it became a foothold for nasties on my network.

          (*) policy at work is RHEL, and that's negotiated far above my influence level, but I don't really care as all my important stuff runs on Z/OS anyway ;-) . Ok we have to reboot a few VMs occasionally when systemd throws a hissy fit -which is surprisingly often for an "enterprise" OS -, but meh.

          1. onefang

            Re: Time to troll

            "On the systemd angle, I, too, am in the process of switching all my machines from Debian to Devuan but on my personal(*) network a few systemd-infected machines remain, thanks to a combination of laziness from my part and stubborn "systemd is quite OK" attitude from the raspy foundation."

            Devuan has bootable SD card images for Raspberry Pi, if that helps.

            1. ElReg!comments!Pierre

              Re: Time to troll

              I know about the Devuan images and even have downloaded the appropriate ones. That's when the aforementioned laziness of mine comes into play (the darn machine I singled out hosts a web server, a ftp server, a mainframe emulator and a few other toys that I'd rather not reinstall and reconfigure from scratch ... )

        2. asdf

          Re: Time to troll

          >It's entirely possible to have a Linux system without bash.

          Yep I do run OpenWRT on my router at home (dual boot with LMDE on desktop at home to be fair as well). I know people love GNU and they have done many great things but after supporting HP-UX production systems at work very sad to see real UNIX disappearing outside the BSDs and even they are under threat. The GNU tool set is also often more bloated and buggier than the original UNIX utilities. Plus Red Hat took advantage of GNU/Linux to basically kill off POSIX. Sad to see how more and more FOSS is becoming dependent on the Linux kernel. Linux is the future but more due to bean counters than being technologically superior. My HP-UX systems have never crashed in 5+ years I have been responsible for them. Some of that is down to the high build quality of the hardware but rock solid software that is specifically made for that hardware is a big part of the equation also.

  3. Throatwarbler Mangrove Silver badge
    Coat

    "A security bug in Systemd can be exploited over the network to [...] execute malicious code on the box."

    Too late, systemd is already installed. I'm going, I'm going . . .

    1. herman

      Too bad that the systemd lovers won't get your joke.

  4. ckm5

    Not possible

    Leonard's code is perfect, he said so.

    1. Destroy All Monsters Silver badge

      Re: Not possible

      This code is actually pretty bad and should raise all kinds of red flags in a code review.

      1. Christian Berger

        Re: Not possible

        "This code is actually pretty bad and should raise all kinds of red flags in a code review."

        Yeah, but for that you need people who can do code reviews, and also people who can accept criticism. That also means saying "no" to people who are bad at coding, and saying that repeatedly if they don't learn.

        SystemD seems to be the area where people gather who want to get code in for their resumes, not for people who actually want to make the world a better place.

        1. Anonymous Coward

          Re: Not possible

          "Yeah, but for that you need people who can do code reviews, and also people who can accept criticism."

          The former isn't too hard, but we already know how Lennart handles criticism, so it will be a wasted effort.

          That leads directly to totally unmaintainable code and eventually even Lennart realizes that. He's not stupid, he just thinks he's a programming god who's never wrong.

          But, in an ironic way, he's already permanently wrong because of that attitude.

          Coding stuff isn't hard, maintaining it forever is hard.

    2. Anonymous Coward

      Re: Not possible

      ITYM Lennart

  5. jake Silver badge

    There is a reason ...

    ... that an init, traditionally, is a small bit of code that does one thing very well. Like most of the rest of the *nix core utilities. All an init should do is start PID1, set run level, spawn a tty (or several), handle a graceful shutdown, and log all the above in plaintext to make troubleshooting as simplistic as possible. Anything else is a vanity project that is best placed elsewhere, in its own stand-alone code base.

    Inventing a clusterfuck init variation that's so big and bulky that it needs to be called a "suite" is just asking for trouble.

    IMO, systemd is a cancer that is growing out of control, and needs to be cut out of Linux before it infects enough of the system to kill it permanently.

    1. AdamWill

      Re: There is a reason ...

      That's why systemd-networkd is a separate, optional component, and not actually part of the init daemon at all. Most systemd distros do not use it by default and thus are not vulnerable to this unless the user actively disables the default network manager and chooses to use networkd instead.

      1. nematoad

        Re: There is a reason ...

        "...actively disables the default network manager and chooses to use networkd instead."

        Pardon my ignorance (I don't use a distro with systemd) why bother with networkd in the first place if you don't have to use it.

        Or was it that it seemed a "fun" thing to do and got shoved in anyway?

        1. onefang

          Re: There is a reason ...

          "why bother with networkd in the first place if you don't have to use it."

          Likely coz its optional status might be temporary.

          1. Anonymous Coward

            Re: There is a reason ...

            "Likely coz its optional status might be temporary."

            Careful with that "embrace and extend" sort of mentality ....

            1. Anonymous Coward

              Re: There is a reason ...

              "Careful with that "embrace and extend" sort of mentality ...."

              What is what LP has been doing all the time, with one util at the time falling into black hole of systemd.

              And all of them running as root all the time, of course.

              Systemd _was meant to replace init_ and nothing else. See what it is now, basically replacing everything except kernel itself, from dhcp to syslog.
