Luke Kenneth Casson Leighton lkcl@lkcl.net writes:
https://it.slashdot.org/story/17/07/03/0343258/severe-systemd-bug-allowed-re...
two years. that's how long one of these bugs has been in systemd. *via a remote network*. what the hell is an init system doing being accessible *via DNS queries*?
If you read the summary of the article to the second line, you'll note that it is talking about 'systemd-resolved' -- so not the init at all.
Yes, I know that it was stupid to call all these disparate bits of the SystemD project systemd-$whatever, becuase it's just asking for people to do what you just did, but I really expect _you_ to understand that there is more than one executable involved in systemd, and that not all of them can possibly run as process 1, all at once.
On my fairly default stretch laptop, systemd-resolved is not running.
On free.hands.com, to which you have access, it is also not running.
So, to answer your qustion, well, it isn't ... obviously.
Might I ask in response: What the hell are you doing not fact checking this before repeating it? It's not as though this is the first time that an anti-systemd story has been spun to the point of becoming nonsense.
I'd imagine that this has managed to go undetected for so long because most people have no interest in running this program on anything but containers (which is what it's for AFAIK) and that anyone sensible is firewalling those containers to make sure that the only DNS server they talk to is the one they control that is running on the physical host.
Cheers, Phil.