:: Re: [DNG] Nasty Linux systemd secur…
Top Page
Delete this message
Reply to this message
Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] Nasty Linux systemd security bug revealed
Le 21/07/2021 à 16:51, Bernard Rosset via Dng a écrit :
>> https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/
>
> I'll be projecting myself here, but I reckon sharing the original
> source rather than journalistic articles whenever possible is best
> towards a tech-savvy audience.
>
> The source (included in above article) is here:
> https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1


    The code shows the use of strdupa(). There is a family of functions
which are extensions of POSIX functions, with the suffix 'a' which
allocate space for the returned string from the stack. They are very
convenient for lazy programmer, but (slightly ?) dangerous and do not
belong to POSIX.

    I've found a discussion between a developper and Lennart Poeterring
in which LP recommends the addition of this kind of functions in Musl
libc (which will certainly never happen). It's slightly amusing how the
author of such a critical software as systemd lacks a culture of security.

https://github.com/systemd/casync/issues/129
<https://github.com/systemd/casync/issues/129>

--     Didier