Re: [systemd-devel] systemd vulnerability detection
On Wed, Apr 29, 2020 at 08:53:23AM +0530, Amish wrote:
>
> On 29/04/20 1:00 am, Lennart Poettering wrote:
> >Please see:
> >
> >https://systemd.io/SECURITY/
> >
> >...
> >
> >Lennart
>
> On a side note, phrasing on the site needs to be changed.

https://github.com/systemd/systemd/pull/15632 ?

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd vulnerability detection
On 29/04/20 1:00 am, Lennart Poettering wrote:
> Please see:
>
> https://systemd.io/SECURITY/
>
> ...
>
> Lennart

On a side note, phrasing on the site needs to be changed.

It almost makes you click "public" link instead of "non-public" e-mail link.

It should be something like this:

If you discover a security vulnerability, we’d appreciate a non-public disclosure. To reach systemd developers in a non-public way, report the issue to the systemd-secur...@redhat.com mailing list. The disclosure will be coordinated with distributions.

Please do not use issue tracker and systemd-devel mailing list, as they are fully public.

(There should be no hyperlink to issue tracker or systemd-devel mailing list to discourage accidental clicking)

Amish

Re: [systemd-devel] systemd vulnerability detection
On Tue, 28.04.20 21:35, Fuat Bölük (mek...@fuatboluk.com.tr) wrote:

> Hello there. I detected a vulnerability in systemd software. This
> vulnerability exists in all systemd versions. Vulnerability can be
> manipulated by local users and root user rights can be obtained.
>
> As soon as I publicly publicize this vulnerability, all servers running
> systemd will remain vulnerable. It must be closed without the public's
> knowledge of the vulnerability.
>
> I got the root rights by manipulating the vulnerability in Ubuntu 19
> and Fedora 32 without installing additional software.
>
> Sorry for bad English. I use translation.

Please see:

https://systemd.io/SECURITY/

i.e. please report to systemd-secur...@redhat.com

Thank you,

Lennart

--
Lennart Poettering, Berlin

[systemd-devel] systemd vulnerability detection
Hello there. I detected a vulnerability in systemd software. This vulnerability exists in all systemd versions. Vulnerability can be manipulated by local users and root user rights can be obtained.

As soon as I publicly publicize this vulnerability, all servers running systemd will remain vulnerable. It must be closed without the public's knowledge of the vulnerability.

I got the root rights by manipulating the vulnerability in Ubuntu 19 and Fedora 32 without installing additional software.

Sorry for bad English. I use translation.

Re: [systemd-devel] How does KillSignal interact with TimeoutStopSec in systemd?
27.04.2020 08:43, Debraj Manna wrote:
> Can someone let me know the following about systemd service shutdown sequence
>
> 1. If I have specified KillSignal=SIGTERM then how does this interact with TimeoutStopSec? Does this mean that during shutdown of service, first SIGTERM will be sent and if the service is still running after TimeoutStopSec SIGKILL will be sent (if SendSIGKILL is set to yes)? I am asking about the case where nothing is specified in ExecStop.

Yes, that's correct

> 2. Does TimeoutStopSec take into account ExecStop and all ExecPostStop?

TimeoutStopSec is for every command. If ExecStopPost command fails (or times out) subsequent commands are not executed, but if each command requires almost TimeoutStopSec time, total execution time will be close to ExecStopPost commands multiplied by TimeoutStopSec.

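The stop sequence confirmed in the reply above, emulated in Python as an added example (not systemd code and not part of the thread). The function names and the two child programs are constructed for illustration, and only the case without ExecStop= is covered.

```python
import signal
import subprocess
import sys

# Constructed child programs: one ignores SIGTERM, one dies on it (default action).
STUBBORN = (
    "import signal, time\n"
    "signal.signal(signal.SIGTERM, signal.SIG_IGN)\n"
    "print('ready', flush=True)\n"
    "time.sleep(60)\n"
)
POLITE = (
    "import time\n"
    "print('ready', flush=True)\n"
    "time.sleep(60)\n"
)


def start(child_source):
    """Start a child and wait until it has set up its signal handling."""
    proc = subprocess.Popen([sys.executable, "-c", child_source],
                            stdout=subprocess.PIPE, text=True)
    proc.stdout.readline()  # blocks until the child prints 'ready'
    return proc


def stop(proc, kill_signal=signal.SIGTERM, timeout_stop_sec=0.5,
         send_sigkill=True):
    """Emulate the stop sequence from the thread for a unit without ExecStop=.

    Returns (signals_sent, returncode); returncode is None if still running.
    """
    sent = [kill_signal]
    proc.send_signal(kill_signal)            # KillSignal= is sent first
    try:
        proc.wait(timeout=timeout_stop_sec)  # TimeoutStopSec= grace period
    except subprocess.TimeoutExpired:
        if send_sigkill:                     # SendSIGKILL=yes
            sent.append(signal.SIGKILL)
            proc.kill()
            proc.wait()
    return sent, proc.poll()


if __name__ == "__main__":
    for name, src in (("polite", POLITE), ("stubborn", STUBBORN)):
        sent, rc = stop(start(src))
        print(name, [s.name for s in sent], rc)
```

With `send_sigkill=False` the stubborn child is still running when `stop()` returns, which is the situation a unit ends up in when SIGKILL is disabled and the process ignores its stop signal.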
[systemd-devel] local-fs and remote-fs targets / passive active units
Hello,

Reading systemd.special(7) and using systemctl show -p After,Before,Wants,Requires ..., I tried to figure out if my following understanding is true:

doc says:

- an active target is when the consumer pulls in the dependency (ex: network-online.target pulled in by nfs-mountd.service)
- a passive target is when the producer pulls in the dependency (ex: network.target pulled in by NetworkManager.service) and no other unit is supposed to pull the passive unit in.

1) would it be true to consider that an active target always pulls in some units, which is why it is ultimately called "active" : it "does" (pull) something ? So an active unit would provide something to the consumers and would be on the "requirement" side of dependency type.

2) would it be true to consider that a passive target never pulls in any unit, which is why it is ultimately called "passive" as it just consists of some provider "publishing" a check point other units can order themselves upon ? This would be on the "ordering" side of dependency type ?

3) regarding local-fs and remote-fs targets : I'm not really sure if any fits in either passive or active units. I see that local-fs.target can be pulled in by sysinit.target and that dracut-pre-pivot.target can pull in remote-fs.target but to me those 2 targets would rather fit the passive unit category ?

Thanks for your help

--
Thomas HUMMEL