*** This bug is a security vulnerability ***

Public security bug reported:

On default installs of Ubuntu 15.10, both server and desktop, an
unprivileged user can freeze journald using the attached program.
(Journald is then eventually killed and restarted by systemd after a 1
min timeout is detected - but nothing prevents the unprivileged user from
DoSing it in a loop if he feels so inclined.)

The reason is that journald uses inappropriate rules to decide if a file
descriptor sent by a user is safe to read.

[ IMO that such a "feature" (passing messages to log to journald by fd
to regular files) exists at all should be questioned anyway, given the
kind of impacts it can have on various aspects of the whole system
(e.g.: the fd is completely read in a malloc'ed area, up to 750 MB) ]

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "program to freeze journald"
   https://bugs.launchpad.net/bugs/1514141/+attachment/4514891/+files/lol.c

** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/1514141

Title:
  unprivileged user can freeze journald

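A defensive sketch of the receiving side the report describes, added here as an example and not taken from journald or from the attached program: a daemon that accepts a file descriptor from an untrusted peer checks its type and size, then reads it into a bounded buffer. The function names and the `MAX_PAYLOAD` cap are assumptions, and the report does not say which of journald's rules was inadequate, so these checks bound memory use without claiming to be the fix.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical cap for this example; the report cites reads of up to 750 MB. */
#define MAX_PAYLOAD ((size_t)64 * 1024)

/* Returns 0 if fd passes the type and size checks, else a negative errno. */
int check_received_fd(int fd, size_t max_size) {
    struct stat st;
    if (fstat(fd, &st) < 0) return -errno;
    /* Pipes, sockets, ttys and devices are refused outright. */
    if (!S_ISREG(st.st_mode)) return -EINVAL;
    if (st.st_size < 0 || (size_t)st.st_size > max_size) return -EFBIG;
    return 0;
}

/* Reads the payload into a buffer of max_size + 1 bytes and returns its length
 * or a negative errno. The size is enforced again while reading, because the
 * sender still holds the file and can grow it after fstat(). */
ssize_t read_received_fd(int fd, size_t max_size, char **out) {
    int r = check_received_fd(fd, max_size);
    if (r < 0) return r;
    char *buf = malloc(max_size + 1);
    if (!buf) return -ENOMEM;
    size_t n = 0;
    while (n <= max_size) { /* request one extra byte to detect growth */
        ssize_t k = pread(fd, buf + n, max_size + 1 - n, (off_t)n);
        if (k < 0 && errno == EINTR) continue;
        if (k < 0) { r = -errno; free(buf); return r; }
        if (k == 0) break;
        n += (size_t)k;
    }
    if (n > max_size) { free(buf); return -EFBIG; }
    buf[n] = '\0';
    *out = buf;
    return (ssize_t)n;
}

int main(void) {
    FILE *f = tmpfile(); /* constructed sample input */
    char *msg = NULL;
    if (!f || fputs("MESSAGE=hello\n", f) < 0 || fflush(f) != 0) return 1;
    printf("%zd\n", read_received_fd(fileno(f), MAX_PAYLOAD, &msg));
    free(msg);
    return 0;
}
```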