:: Re: [DNG] Nasty Linux systemd secur…
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Bernard Rosset at <-
MMBernard Rosset at ->
Delete this message
Reply to this message
Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] Nasty Linux systemd security bug revealed
Le 21/07/2021 à 16:51, Bernard Rosset via Dng a écrit :
>> https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/
>
> I'll be projecting myself here, but I reckon sharing the original
> source rather than journalistic articles whenever possible is best
> towards a tech-savvy audience.
>
> The source (included in above article) is here:
> https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1

    The code shows the use of strdupa(). There is a family of functions
which are extensions of POSIX functions, with the suffix 'a' which
allocate space for the returned string from the stack. They are very
convenient for lazy programmer, but (slightly ?) dangerous and do not
belong to POSIX.

    I've found a discussion between a developper and Lennart Poeterring
in which LP recommends the addition of this kind of functions in Musl
libc (which will certainly never happen). It's slightly amusing how the
author of such a critical software as systemd lacks a culture of security.

https://github.com/systemd/casync/issues/129
<https://github.com/systemd/casync/issues/129>

--     Didier

This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] Nasty Linux systemd security bug revealedRe: [DNG] Nasty Linux systemd security bug revealed->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)