Re: [systemd-devel] Github systemd issue 6237

2017-07-04 Thread Alexander Bisogiannis
On Tue, 04 Jul 2017 17:21:01 +, Zbigniew Jędrzejewski-Szmek wrote:

> If you need root permissions to create a unit, then it's not a security
> issue. An annoyance at most.

The fact that you need to be root to create a unit file is irrelevant.

Systemd is running a service as a different user to what is defined in 
the unit file. 
This is a bug and a local security issue, especially because it will run 
said service as root.

It might not warrant a CVE, although in my line of work this is 
considered a security issue, but it is a bug and needs fixing.

The fix is to refuse to run the service, period.

Is there any other place I can go to open a bug, or do I need to go to 
the upstream "vendor" bugzilla?

Regards,
Abis.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


[systemd-devel] Github systemd issue 6237

2017-07-04 Thread Alexander Bisogiannis
Hi all,

https://github.com/systemd/systemd/issues/6237

Apologies for asking here, but since the discussion is locked in GitHub, I 
thought to ask here.

This was marked as "not a bug", but in later comments the wording suggests 
that systemd behaviour will change and if the username in a unit does not 
exist systemd will ignore the unit, instead of running it as root.

My question is:

Is this a bug with a BZ against rhel/centos7 (as my understanding is that 
this affects EL7 too)?

If there is no BZ and based on the wording of the second to last comment 
by poettering, will this be fixed/changed in a future update?

I personally see this as a security issue and thus as a bug.

Again, apologies for asking here, but I cannot comment in the GitHub 
discussion due to the thread being locked to maintainers only.

Regards,
Abis.
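
An added example, not part of the thread and not systemd code: a Python audit that flags units whose `User=` in `[Service]` names an account that does not exist on the host, which is the case this thread says ends up running as root. The sample unit text, the account name `no-such-account` and all function names are constructed for illustration; treating an empty `User=` as unset is an assumption of this sketch.

```python
import pwd

def service_user(unit_text):
    """Return the last User= value in [Service], or None if unset."""
    section, user = None, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "User":
            user = value or None          # assumption: empty value means unset
    return user

def account_exists(name):
    """Look the name (or numeric UID) up in the local account database."""
    try:
        pwd.getpwuid(int(name)) if name.isdigit() else pwd.getpwnam(name)
        return True
    except (KeyError, OverflowError):
        return False

def audit(units, exists=account_exists):
    """Return {unit name: user} for units whose User= does not resolve."""
    findings = {}
    for name, text in units.items():
        user = service_user(text)
        if user is None or "%" in user:   # unset, or a specifier we cannot expand
            continue
        if not exists(user):
            findings[name] = user
    return findings

# Constructed sample units, not taken from any real system.
SAMPLE_UNITS = {
    "web.service": "[Unit]\nDescription=sample\n\n[Service]\nUser=no-such-account\nExecStart=/usr/bin/true\n",
    "ok.service": "[Service]\nUser=root\nExecStart=/usr/bin/true\n",
    "unset.service": "[Service]\nExecStart=/usr/bin/true\n",
}

if __name__ == "__main__":
    for unit, user in audit(SAMPLE_UNITS).items():
        print(f"{unit}: User={user} does not resolve to an account")
```
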
