[Touch-packages] [Bug 1514141] Re: unprivileged user can freeze journald

2015-11-20 Thread Launchpad Bug Tracker
This bug was fixed in the package systemd - 228-1ubuntu2

---
systemd (228-1ubuntu2) xenial; urgency=medium

  * Merge with Debian to fix FTBFS.

systemd (228-3) UNRELEASED; urgency=medium

  * debian/rules: Remove temporary debug output from test failures again. All
    Debian buildd kernels are recent enough now, but add a check for kernels
    older than 3.13 and ignore test failures for those.

systemd (228-2) unstable; urgency=medium

  * Remove wrong endianness conversion in test-siphash24 to fix FTBFS on
    big-endian machines.
  * Bump libseccomp-dev build dependency to indicate required versions for
    backporting to jessie. (Closes: #805497)

 -- Martin Pitt   Thu, 19 Nov 2015 12:41:25 +0100

** Changed in: systemd (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1514141

Title:
  unprivileged user can freeze journald

Status in systemd package in Ubuntu:
  Fix Released

Bug description:
  On default installs of Ubuntu 15.10, both server and desktop, an
  unprivileged user can freeze journald using the attached program.
  (Journald is then eventually killed and restarted by systemd after a 1
  min timeout is detected - but nothing prevents the unprivileged user from
  DOSing in a loop if he feels so inclined.)

  The reason is that journald uses inappropriate rules to decide if a
  file descriptor sent by a user is safe to read.

  [ IMO that such a "feature" (passing messages to log to journald by fd
  to regular files) exists at all should be questioned anyway, given the
  kind of impacts it can have on various aspects of the whole system
  (e.g.: the fd is completely read in a malloc'ed area, up to 750 MB) ]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1514141/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
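
The bug description above says the receiver's rules for deciding whether a client-supplied file descriptor is safe to read were inappropriate, and that the file is read whole into a malloc'ed buffer. The following is an added example, not code from the report or from systemd: a general-hardening sketch of such a receiver on Linux. The name read_untrusted_fd, the cap values and the particular set of checks are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_MANDLOCK            /* glibc only exposes it with _GNU_SOURCE */
#define ST_MANDLOCK 64         /* Linux mount-flag value */
#endif

/* Hypothetical helper: copy a client-supplied fd into a fresh buffer of at
 * most `cap` bytes. Returns 0 and sets *out / *len, or a negative errno. */
int read_untrusted_fd(int fd, size_t cap, char **out, size_t *len) {
    struct stat st; struct statvfs vfs;
    if (fstat(fd, &st) < 0) return -errno;
    if (!S_ISREG(st.st_mode)) return -EBADF;     /* pipes, ttys, devices may never return */
    if (st.st_size < 0 || (size_t) st.st_size > cap) return -EFBIG; /* bound the malloc */
    if (fstatvfs(fd, &vfs) < 0) return -errno;
    if (vfs.f_flag & ST_MANDLOCK) return -EPERM; /* read() could wait on a foreign lock */
    /* Never sleep in read(): make the descriptor non-blocking as well. */
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0) return -errno;
    if (lseek(fd, 0, SEEK_SET) < 0) return -errno;

    size_t want = (size_t) st.st_size, got = 0;
    char *buf = malloc(want + 1);
    if (!buf) return -ENOMEM;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { int e = errno; free(buf); return -e; } /* EAGAIN too: fail, don't wait */
        if (n == 0) break;                       /* sender truncated the file meanwhile */
        got += (size_t) n;
    }
    buf[got] = '\0';
    *out = buf; *len = got;
    return 0;
}

int main(void) {                       /* constructed sample: an 11-byte temp file */
    char path[] = "/tmp/jfd-XXXXXX", *buf; size_t len;
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "MESSAGE=hi\n", 11) != 11) return 1;
    printf("cap 1024: %d\n", read_untrusted_fd(fd, 1024, &buf, &len));
    printf("cap 4:    %d\n", read_untrusted_fd(fd, 4, &buf, &len));
    return unlink(path) != 0;
}
```

Every failure path returns instead of waiting, so a single sender cannot stall the receiver's event loop, and the allocation is bounded by the caller's cap rather than by the file size the sender chose.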


[Touch-packages] [Bug 1514141] Re: unprivileged user can freeze journald

2015-11-11 Thread Martin Pitt
This got fixed/worked around upstream in
https://github.com/systemd/systemd/commit/1e603a482f57edb and will be in
228.

** Changed in: systemd (Ubuntu)
   Status: Triaged => Fix Committed

** Changed in: systemd (Ubuntu)
 Assignee: (unassigned) => Martin Pitt (pitti)



[Touch-packages] [Bug 1514141] Re: unprivileged user can freeze journald

2015-11-09 Thread Martin Pitt
Thanks for your report! Let's discuss/fix that on the upstream side to
get the relevant developers.

** Changed in: systemd (Ubuntu)
   Importance: Undecided => Medium

** Changed in: systemd (Ubuntu)
   Status: New => Triaged



[Touch-packages] [Bug 1514141] Re: unprivileged user can freeze journald

2015-11-09 Thread Guillaume Knispel
OpenSUSE 42.1 bug: https://bugzilla.opensuse.org/show_bug.cgi?id=954374
upstream  bug: https://github.com/systemd/systemd/issues/1822

** Bug watch added: bugzilla.opensuse.org/ #954374
   http://bugzilla.opensuse.org/show_bug.cgi?id=954374



[Touch-packages] [Bug 1514141] Re: unprivileged user can freeze journald

2015-11-08 Thread Guillaume Knispel
Fedora 23 misbehaves identically with its default conf:
https://bugzilla.redhat.com/show_bug.cgi?id=1279251


** Bug watch added: Red Hat Bugzilla #1279251
   https://bugzilla.redhat.com/show_bug.cgi?id=1279251
