Bug#766938: systemd: network-pre.target doesn't seem to be guaranteed to run before the network is up

Sun, 26 Oct 2014 19:16:07 -0700 

Package: systemd
Version: 215-5+b1
Severity: important
Tags: security


Hi.

Maybe I just miss something, but AFAIU, network-pre.target is not guaranteed
to run before any networking is brougt up (which is the whole point of
network-pre.target).

network.target has an After= on network-pre.target, but network.target itself
isn't what brings the network up, right? Instead ifup@.service does that which
has a Before= on network.target.

Doesn't that mean that there is no guarantee that network-pre.target "runs"
before ifup@.service?

Therefore there is no guarantee that any services that bring up the firewall
are run before and iface is brought up, which in case should make this issue
security relevant. Depending on the other rules of a system there may be a
short or even longer period between an iface being brougt up and firewall rules
loaded by a unit file, that trusts in network-pre.target.


Cheers,
Chris.


-- Package-specific info:

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.utf8, LC_CTYPE=en_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages systemd depends on:
ii  acl             2.2.52-2
ii  adduser         3.113+nmu3
ii  initscripts     2.88dsf-57
ii  libacl1         2.2.52-2
ii  libaudit1       1:2.4-1
ii  libblkid1       2.25.2-2
ii  libc6           2.19-12
ii  libcap2         1:2.24-6
ii  libcap2-bin     1:2.24-6
ii  libcryptsetup4  2:1.6.6-3
ii  libgcrypt20     1.6.2-4
ii  libkmod2        18-3
ii  liblzma5        5.1.1alpha+20120614-2
ii  libpam0g        1.1.8-3.1
ii  libselinux1     2.3-2
ii  libsystemd0     215-5+b1
ii  sysv-rc         2.88dsf-57
ii  udev            215-5+b1
ii  util-linux      2.25.2-2

Versions of packages systemd recommends:
ii  dbus            1.8.8-2
ii  libpam-systemd  215-5+b1

Versions of packages systemd suggests:
ii  systemd-ui  3-2

-- Configuration Files:
/etc/systemd/logind.conf changed [not included]

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to