1. 27
    1. 6

      This feels like a poster child for the knock on effects of a sizable increase in complexity. I get why distros are switching to systemd, it offers some very real benefits, but exploits like this remind us that said benefits come with a price tag.

      1. 5

        This specifically doesn’t seem like a good argument about complexity. Even the simplest program can confuse signed and unsigned integers.

        1. 3

          But you are more likely to find it in a smaller program

        2. 1

          It’s a lot harder in languages that don’t let you transparently mix the two up. Rust, natch, but C# did it first.

    2. 3

      The title should really say that unprivileged systemd users can execute systemctl commands. Not all Linux users are affected.

      1. 3

        The problem is located in polkit, and that’s where the fix is. You don’t need systemd to be vulnerable.

        1. 3

          Ok, then it should say “PolicyKit has a bug handling UID > INT_MAX” and be done with it. (Regardless of where the bug is, unprivileged users can’t execute arbitrary systemctl commands if systemctl isn’t installed. It’s part of Systemd). And: I don’t think PolicyKit is Linux-only, strictly speaking, though hopefully none of the other OSes use it by default.

          Point was: the bug is not a Linux bug and the title is misleading. I run Linux with neither Systemd nor PolicyKit and I’m not affected.

          1. 2

            The headline would be of far less use to some of the if it just talked about PolicyKit. I have no idea that PolicyKit is so mentioning systemctl tells me this news is something to look at. I’m making an assumption that knowing systemctl but not PolicyKit is common; I’m confident it is among my co-workers.

            1. 4

              You could say “bug in PolicyKit allows running arbitrary systemctl commands”, it would be just as brief, just as informative, and would actually be accurate.