Out-of-bounds write in systemd-resolved with crafted TCP payload
openwall.com
I misparsed this as "A bug regarding an OOB write in systemd has been resolved by deployment of a crafted TCP payload" and was hoping for a legendary tale of deeply grey-hat infrastructure hack-patching.
Remind me, why are such critical system components as systemd still being written in a memory-unsafe language?
I'd love to learn Rust by opportunistically implementing parts of the systemd API.
If any Rustafarians start such an effort, please make some noise about it.
Because if it's good enough for OpenBSD, then it's good enough for us.
Because of the many years of development already put into them?
Re-writing things in a memory safe language takes a lot of time. And that's even if the language is stable and available cross-platform.
Systemd itself invalidated the many years of design put into Unix, so yeah. BSD doesn't have this problem because BSD didn't adopt systemd.
Because all other languages have higher overhead or are less stable.
Yeah, we really should rewrite the kernel.
Err, that is not an excuse. That just leads to the question of why there is a second kernel metastasizing in userspace.
Was already done, many times. Device drivers is the issue it never took off.
Because Poettering and his fanboys like it, and nobody's implemented anything sufficiently better to overcome the political sway of the freedesktop.org crowd.
previously: https://news.ycombinator.com/item?id=14652787 (5 days ago, 192 points, 237 comments)
Sorry, but this is not a standard TCP payload. I think the bug is in the library that made the packet, not with systemd. They should fix their library.
"A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it."
When your program doesn't handle a malformed input, and this leads to a buffer overflow, it's your fault. When this program is something as important as systemd, the problem is even worse.
Anything Internet-facing has to accept any kind of packet without crashing, or at least without failing in an exploitable way. That's the bare minimum you-must-be-this-tall entry requirement of security.
I believe it was a joke about how Lennart Poettering usually responds to bug reports.
You are correct. See, for example, his recent response to the issue where systemd starts processes belonging to users whose usernames begin with a digit with root privileges: https://github.com/systemd/systemd/issues/6237#issuecomment-...
My deepest apologies to HN for the overly-dry sense of humor.
Trolling on HN really is like shooting fish in a barrel, isn't it?
"A patch to resolve this has been provided..."
The patch resolves the resolver. Heh.
OT, but I wonder why Poettering chose Kay Sievers to work on systemd in the first place.
Both are Germans, and work at RH.
Frankly, the more I look at things, the more I find a small group of people at the RH German office to be the source of recent turmoil.
Was that the only reason?