Out-of-bounds write in systemd-resolved with crafted TCP payload (opens in new tab)

(openwall.com)

66 pointsfrign8y ago23 comments

23 comments

I misparsed this as "A bug regarding an OOB write in systemd has been resolved by deployment of a crafted TCP payload" and was hoping for a legendary tale of deeply grey-hat infrastructure hack-patching.

stepik7778y ago

Remind me, why are such critical system components as systemd are still being written in a memory unsafe language?

jancsika8y ago

I'd love to learn Rust by opportunistically implementing parts of the systemd API.

If any Rustafarians start such an effort, please make some noise about it.

fl0wenol8y ago

Because if it's good enough for OpenBSD, then it's good enough for us.

adekok8y ago

Because of the many years of development already put into them?

Re-writing things in a memory safe language takes a lot of time. And that's even if the language is stable and available cross-platform.

flyovercow8y ago

Systemd itself invalidated the many years of design put into Unix so yeah. Bsd doesn't have this problem because bsd didn't adopt systemd

paulddraper8y ago

Because all other languages have higher overhead or are less stable.

fidget8y ago

Yeah, we really should rewrite the kernel.

digi_owl8y ago

Err, that is not an excuse. That just leads to the question of why there is a second kernel metastasizing in userspace.

drdaeman8y ago

Was already done, many times. Device drivers is the issue it never took off.

na858y ago

Because Poettering and his fanboys like it, and nobody's implemented anything sufficiently better to overcome the political sway of the freedesktop.org crowd.

detaro8y ago

previously: https://news.ycombinator.com/item?id=14652787 (5 days ago, 192 points, 237 comments)

dogecoinbase8y ago

Sorry, but this is not a standard TCP payload. I think the bug is in the library that made the packet, not with systemd. They should fix their library.

gpribeiro8y ago

"A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it."

When your program doesn't handle a malformed input, and this leads to a buffer overflow, it's your fault. When this program is something as important as systemd, the problem is even worse.

pjc508y ago

Anything Internet-facing has to accept any kind of packet without crashing, or at least without failing in an exploitable way. That's the bare minimum you-must-be-this-tall entry requirement of security.

stepik7778y ago

I believe it was a joke about how Lennart Poettering usually responds to bug reports.

1 more reply

tyingq8y ago

"A patch to resolve this has been provided..."

The patch resolves the resolver. Heh.

yuhong8y ago

OT, but I wonder why Poettering chose Kay Sievers to work on systemd in the first place.

digi_owl8y ago

Both are Germans, and work at RH.

Frankly the more i look at things, the more i find a small group of people at the RH German office to be the source of recent turmoil.

yuhong8y ago

Was that the only reason?

j / k navigate · click thread line to collapse

23 comments

saulrh8y ago

stepik7778y ago

Remind me, why are such critical system components as systemd are still being written in a memory unsafe language?

jancsika8y ago

I'd love to learn Rust by opportunistically implementing parts of the systemd API.

If any Rustafarians start such an effort, please make some noise about it.

fl0wenol8y ago

Because if it's good enough for OpenBSD, then it's good enough for us.

adekok8y ago

Because of the many years of development already put into them?

Re-writing things in a memory safe language takes a lot of time. And that's even if the language is stable and available cross-platform.

flyovercow8y ago

Systemd itself invalidated the many years of design put into Unix so yeah. Bsd doesn't have this problem because bsd didn't adopt systemd

paulddraper8y ago

Because all other languages have higher overhead or are less stable.

fidget8y ago

Yeah, we really should rewrite the kernel.

digi_owl8y ago

Err, that is not an excuse. That just leads to the question of why there is a second kernel metastasizing in userspace.

drdaeman8y ago

Was already done, many times. Device drivers is the issue it never took off.

na858y ago

Because Poettering and his fanboys like it, and nobody's implemented anything sufficiently better to overcome the political sway of the freedesktop.org crowd.

detaro8y ago

previously: https://news.ycombinator.com/item?id=14652787 (5 days ago, 192 points, 237 comments)

dogecoinbase8y ago

Sorry, but this is not a standard TCP payload. I think the bug is in the library that made the packet, not with systemd. They should fix their library.

gpribeiro8y ago

When your program doesn't handle a malformed input, and this leads to a buffer overflow, it's your fault. When this program is something as important as systemd, the problem is even worse.

pjc508y ago

stepik7778y ago

I believe it was a joke about how Lennart Poettering usually responds to bug reports.

1 more reply

tyingq8y ago

"A patch to resolve this has been provided..."

The patch resolves the resolver. Heh.

yuhong8y ago

OT, but I wonder why Poettering chose Kay Sievers to work on systemd in the first place.

digi_owl8y ago

Both are Germans, and work at RH.

Frankly the more i look at things, the more i find a small group of people at the RH German office to be the source of recent turmoil.

yuhong8y ago

Was that the only reason?

j / k navigate · click thread line to collapse