[Arm-netbook] severe systemd bugs (two of them)

Philip Hands phil at hands.com
Mon Jul 3 09:26:51 BST 2017


Luke Kenneth Casson Leighton <lkcl at lkcl.net> writes:

> https://it.slashdot.org/story/17/07/03/0343258/severe-systemd-bug-allowed-remote-code-execution-for-two-years
>
> two years.  that's how long one of these bugs has been in systemd.
> *via a remote network*.  what the hell is an init system doing being
> accessible *via DNS queries*?

If you read the summary of the article to the second line, you'll note
that it is talking about 'systemd-resolved' -- so not the init at all.

Yes, I know that it was stupid to call all these disparate bits of the
SystemD project systemd-$whatever, because it's just asking for people
to do what you just did, but I really expect _you_ to understand that
there is more than one executable involved in systemd, and that not all
of them can possibly run as process 1, all at once.

On my fairly default stretch laptop, systemd-resolved is not running.

On free.hands.com, to which you have access, it is also not running.

So, to answer your question, well, it isn't ... obviously.

Might I ask in response: What the hell are you doing not fact checking
this before repeating it?  It's not as though this is the first time
that an anti-systemd story has been spun to the point of becoming
nonsense.

I'd imagine that this has managed to go undetected for so long because
most people have no interest in running this program on anything but
containers (which is what it's for AFAIK) and that anyone sensible is
firewalling those containers to make sure that the only DNS server they
talk to is the one they control that is running on the physical host.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY

