This feels like a poster child for the knock-on effects of a sizable increase in complexity. I get why distros are switching to systemd; it offers some very real benefits, but exploits like this remind us that said benefits come with a price tag.
This specifically doesn’t seem like a good argument about complexity. Even the simplest program can confuse signed and unsigned integers.
But you are more likely to find it in a smaller program.
It’s a lot harder in languages that don’t let you transparently mix the two up. Rust, natch, but C# did it first.
The title should really say that unprivileged systemd users can execute systemctl commands. Not all Linux users are affected.
The problem is located in polkit, and that’s where the fix is. You don’t need systemd to be vulnerable.
Ok, then it should say “PolicyKit has a bug handling UID > INT_MAX” and be done with it. (Regardless of where the bug is, unprivileged users can’t execute arbitrary systemctl commands if systemctl isn’t installed. It’s part of Systemd). And: I don’t think PolicyKit is Linux-only, strictly speaking, though hopefully none of the other OSes use it by default.
Point was: the bug is not a Linux bug and the title is misleading. I run Linux with neither Systemd nor PolicyKit and I’m not affected.
The headline would be of far less use to some of us if it just talked about PolicyKit. I have no idea what PolicyKit is, so mentioning systemctl tells me this news is something to look at. I’m making an assumption that knowing systemctl but not PolicyKit is common; I’m confident it is among my co-workers.
You could say “bug in PolicyKit allows running arbitrary systemctl commands”, it would be just as brief, just as informative, and would actually be accurate.
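The signed/unsigned confusion and the "UID > INT_MAX" case discussed in the comments above, as an added C example that is not part of the thread and is not polkit's code. The function names, the 1000 threshold and the sample UID are hypothetical, and the negative result assumes the usual two's-complement wraparound of common compilers.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy threshold: UIDs below this are "system" accounts. */
#define FIRST_REGULAR_UID 1000

/* Flawed: narrows the parsed value into a signed int. On common ABIs a
 * UID above INT_MAX wraps to a negative number. */
static int parse_uid_signed(const char *s) {
    return (int)strtoul(s, NULL, 10);
}

/* Flawed check: a wrapped (negative) UID compares below the threshold. */
static bool is_system_account_signed(int uid) {
    return uid < FIRST_REGULAR_UID;
}

/* Hardened: keep the full unsigned 32-bit range, reject anything else. */
static bool parse_uid_checked(const char *s, uint32_t *out) {
    char *end = NULL;
    if (s == NULL || *s < '0' || *s > '9') return false; /* no sign, no blanks */
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX) return false;
    *out = (uint32_t)v;
    return true;
}

static bool is_system_account_checked(uint32_t uid) {
    return uid < FIRST_REGULAR_UID;
}

int main(void) {
    const char *sample = "4000000000"; /* constructed sample UID > INT_MAX */
    uint32_t uid = 0;
    printf("signed:  uid=%d system=%d\n", parse_uid_signed(sample),
           is_system_account_signed(parse_uid_signed(sample)));
    if (parse_uid_checked(sample, &uid))
        printf("checked: uid=%u system=%d\n", (unsigned)uid,
               is_system_account_checked(uid));
    return 0;
}
```

Building with `-Wconversion -Wsign-compare` flags the narrowing cast in the flawed parser at compile time.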