Ubuntu Systemd Vulnerability

> This is very bad, because the first thing you should do on a system with systemd-resolved is uninstall it.

Thanks, I just realized that my Arch installation has nih-emd-resolved enabled as the default backend for glibc getaddrinfo and friends. This is how it happens:

https://www.freedesktop.org/software/systemd/man/nss-resolve...

I'm not responsible for any harm to systemd resulting from the use of this information ;)

edit:

And yes, the current version of the package is 232, built in January, so should be vulnerable.

Does anyone have any insight as to why systemd has its own DNS resolution API? That seems like a very strange decision. Is it really only so that systemd "becomes irreplaceable"?

"I have never been more convinced that sticking to an OLD AND TRUSTED source code base for your infrastructure is the way to go."

I recently (2016) built a little network appliance for a specific task that needed to be safe and secure.

I used FreeBSD 4.11.

Yes. I've burned hours on systemd related problems that just didn't exist before. From DBus message delivery failures, debugging things that haven't broken for 20 years (which has incidentally got MUCH harder) to the whole shit crock that is NTP and locale management. That and the whole desktop buggery that has been going on for the best part of 8 years now has really put me off. To be honest you haven't really experienced systemd's fuckery until you have a hosed box. It's like negotiating a boot with a pigeon. Any other platform is ZERO hassle and that includes windows, OSX, freebsd, openbsd etc.

And you can't criticise it anywhere (watch the downvotes).

The problem is it lacks the mysterious as in Zen and the Art of Motorcycle Maintenance class "quality". Merely glitter around a turd.

However we're stuck with it so it's suck it up or move on.

On the subject of moving on, you could run FreeBSD to run your servers. Much lower resource overheads, native ZFS, simple service management, some documentation worth more than toilet paper and the best thing of all, more sleep at night. Now there are binary updates and packages it's pretty easy. No more make world of any of that stuff.

I've been against systemd since day 1, because implementation issues aside, the entire concept is flawed and totally against UNIX philosophy: do one thing and do it well. UNIX, and by extension Linux, succeeded because of this philosophy.

It's also fairly transparent that RedHat would like Linux to be more obfuscated so that more enterprises will have to depend on it for support. But that's no surprise. What was surprising was that the Debian foundation not only opted to adopt systemd, but did so long before it was anywhere near proven to be stable, reliable code. This is contrary to their longstanding methodology. Ubuntu's adoption of systemd was simply the result of following Debian upstream. If only enough people could organize Debian to reverse course on systemd, if only until systemd proves to be stable and reliable (likely never). However, let's not pretend this is the first time that Linux has deviated from traditional UNIX and compatibility. There's always been Linuxisms, systemd is just by far the most egregious case.

FreeBSD has really come of age with pkgng though, and I'm happy to see it garner more attention now due to systemd woes. It has always excelled in certain ways, which is why Whatsapp was able to scale to millions of connections on a single box way back in 2012, its process/thread scheduling resulting in more responsiveness under load, better packet filtering, containerization much earlier on (jails), native ZFS, etc.

David Strauss is one of the systemd developers that don't work at Red Hat. It has its problems too: https://www.agwa.name/blog/post/thoughts_on_the_systemd_root...

Not to mention Kay Sievers which was even hated by Linus Torvalds: https://lkml.org/lkml/2014/4/2/420

The answer is to leave the mainstream linux ecosystem, sadly. Slackware has been good to me. Openbsd is nice. Rolling your own userland is as possible as it's ever been. Maybe it's time to leave.

There are Linux distros that still have not succumbed.

But does not the FreeBSD project even more focus on memory unsafe languages (C) and is more monolithic then Linux distribution in general (userspace must match kernel).

Nah, more like why do systemd include anything to do with DNS at all.

The shoggoth keep sprouting pseudopods as devs gets bored and think they can reimplement a time tested daemon in a weekend.

I imagine because the people who wrote it were C programmers. Did any Ada/DNS or other $LANG/DNS people step up?

> Someone would ask this sooner or later, so.. why is this written in C, really?

When systemd was started, Rust barely had a working compiler and go had been announced for about one year.

That is not what springs to mind, more "why the fuck are you reimplementing DNS in init".

Like, this stuff was built tens of years ago and that code is crappy too but we have pretty much got rid of the most obvious security issues. Nobody wants to relive history so you can finally implement a broken DNS client.

How plausible is it that someone/some group could rewrite/update this to be written in Rust? (Which would presumably solve a lot of the memory corruption issues if I understand Rust's memory safety correctly?).

Same can be asked about Linux, the kernel.

In a word? Arrogance. LOC in c required to create systemd and all of its unnecessary processes is astounding.

Because proper, hardcore programmers never make memory management mistakes and memory management is not that big of a problem, obviously. /s

I bet init is also unaffected.

The real danger is a script kiddie on your LAN with a sniffer or some advanced attacker in the position to MITM you on the wide Internet, depending on whether you are a small fish or a big fish.

US corporations control the root name servers and seem to have no problem cooperating with government requests to fuck^H^H^H^Hkeep a close eye on everyone else.

It's extremely easy to induce a computer to make a DNS request. For example, embed an IMG tag in a web page pointing to the attacker's domain. Anyone loading that page will get the malicious DNS response.

DNS is UDP so you might just get a broken packet sent to you, I guess?

Well no not really. Vulnerabilities exist outside the realms of the language implementations. There are poorly designed protocols and access controls to contend with as well. I'd argue there are a lot more of those classes of problems out there. The ones enabled by programming languages are merely easier to find as you don't have to understand the precise problem domain of the application for each one found.

Maybe every memory access related one. I assume rust still allows you to pass untrusted user input around, for example.

Using a safe language would help even more. Safer than C != Safe.

systemd-resolved is a separated binary of the systemd project, not the PID 1...

systemd-resolved is a separate process (not PID 1) that just was written by the same authors as systemd-the-pid-1.