Arguments against systemd - Revision history

Elgowuw: /* Poor design */

2019-04-05T19:11:54Z

‎Poor design

2019-02-25T19:18:36Z

‎Scope creep

2019-02-18T23:40:04Z

‎CVEs: add CVE-2019-6454

2019-01-13T02:34:42Z

‎Scope creep leads to vulnerabilities: System Down

2019-01-10T14:51:37Z

‎CVEs: link Debian tracker

2019-01-10T14:47:32Z

‎CVEs: expand

2019-01-10T14:42:02Z

‎CVEs: add

2019-01-10T14:32:41Z

‎Scope creep leads to vulnerabilities: start listing CVEs

2018-12-16T07:58:32Z

‎Absurd bugs and responses: new debian backdoor? :P

2018-10-26T23:15:44Z

‎Scope creep leads to vulnerabilities: RCE via DHCPv6

@@ Line 51: / Line 51: @@
 * https://bugzilla.redhat.com/show_bug.cgi?id=1170765
 * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784720
 == Scope creep leads to vulnerabilities ==

@@ Line 20: / Line 20: @@
 * systemd provides a network manager and DHCP client, {{man|systemd-networkd}}
 * systemd provides a HTTP server for journal events, {{man|systemd-journal-gatewayd}} (can be disabled with remote compile option)
 * systemd provides a containerization system {{man|systemd-nspawn}} (see [https://lwn.net/Articles/676831/ lwn - Systemd vs. Docker])
 See [[Wikipedia:File:Systemd components.svg]].

@@ Line 66: / Line 66: @@
 [https://security-tracker.debian.org/tracker/source-package/systemd Debian tracker]
 * [https://security-tracker.debian.org/tracker/CVE-2018-16866 CVE-2018-16866] information leak, out-of-bounds read
 * [https://security-tracker.debian.org/tracker/CVE-2018-16865 CVE-2018-16865] memory corruption

@@ Line 60: / Line 60: @@
 * [https://latesthackingnews.com/2017/06/29/a-systemd-vulnerability-allows-attackers-hack-linux-machines-via-malicious-dns-response/  systemd vulnerability allows attackers to hack Linux machines via malicious DNS response]
 * [https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/ Remote code execution via DHCPv6]
 === CVEs ===

← Older revision		Revision as of 14:51, 10 January 2019
Line 62:		Line 62:

	=== CVEs ===		=== CVEs ===
		+
		+	[https://security-tracker.debian.org/tracker/source-package/systemd Debian tracker]

	* [https://security-tracker.debian.org/tracker/CVE-2018-16866 CVE-2018-16866] information leak, out-of-bounds read		* [https://security-tracker.debian.org/tracker/CVE-2018-16866 CVE-2018-16866] information leak, out-of-bounds read

@@ Line 66: / Line 66: @@
 * [https://security-tracker.debian.org/tracker/CVE-2018-16865 CVE-2018-16865] memory corruption
 * [https://security-tracker.debian.org/tracker/CVE-2018-16864 CVE-2018-16864] memory corruption
-* [https://nvd.nist.gov/vuln/detail/CVE-2018-15688 CVE-2018-15688] buffer error
+* [https://nvd.nist.gov/vuln/detail/CVE-2018-15688 CVE-2018-15688] buffer overflow in the dhcp6 client
 * [https://nvd.nist.gov/vuln/detail/CVE-2018-15687 CVE-2018-15687] set arbitrary permissions on arbitrary files
-* [https://security-tracker.debian.org/tracker/CVE-2018-15686 CVE-2018-15686]
+* [https://security-tracker.debian.org/tracker/CVE-2018-15686 CVE-2018-15686] potential root privilege escalation
 * [https://security-tracker.debian.org/tracker/CVE-2018-1049 CVE-2018-1049]
 * [https://security-tracker.debian.org/tracker/CVE-2017-1000082 CVE-2017-1000082] parsing error leads to root privilege escalation

@@ Line 63: / Line 63: @@
 == Absurd bugs and responses ==
 * [https://bugs.freedesktop.org/show_bug.cgi?id=74589 freedesktop#74589] Unchecked null pointer dereferencing in PID 1 not considered a serious issue.
 * [https://bugzilla.opensuse.org/show_bug.cgi?id=918226 openSUSE#918226] systemd segfaults after updating from 208-23.3 to 208-28.1