1. 26
  1.  

  2. 6

    This feels like a poster child for the knock on effects of a sizable increase in complexity. I get why distros are switching to systemd, it offers some very real benefits, but exploits like this remind us that said benefits come with a price tag.

    1. 5

      This specifically doesn’t seem like a good argument about complexity. Even the simplest program can confuse signed and unsigned integers.

      1. 3

        But you are more likely to find it in a smaller program

        1. 1

          It’s a lot harder in languages that don’t let you transparently mix the two up. Rust, natch, but C# did it first.

      2. 3

        The title should really say that unprivileged systemd users can execute systemctl commands. Not all Linux users are affected.

        1. 3

          The problem is located in polkit, and that’s where the fix is. You don’t need systemd to be vulnerable.

          1. 3

            Ok, then it should say “PolicyKit has a bug handling UID > INT_MAX” and be done with it. (Regardless of where the bug is, unprivileged users can’t execute arbitrary systemctl commands if systemctl isn’t installed. It’s part of Systemd). And: I don’t think PolicyKit is Linux-only, strictly speaking, though hopefully none of the other OSes use it by default.

            Point was: the bug is not a Linux bug and the title is misleading. I run Linux with neither Systemd nor PolicyKit and I’m not affected.

            1. 2

              The headline would be of far less use to some of the if it just talked about PolicyKit. I have no idea that PolicyKit is so mentioning systemctl tells me this news is something to look at. I’m making an assumption that knowing systemctl but not PolicyKit is common; I’m confident it is among my co-workers.

              1. 4

                You could say “bug in PolicyKit allows running arbitrary systemctl commands”, it would be just as brief, just as informative, and would actually be accurate.