Date: Wed, 5 Jul 2017 22:12:11 -0400
From: Jeffrey Walton <noloader@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: systemd fails to parse user that should run service

On Sun, Jul 2, 2017 at 5:08 AM, Daniel Skowroński <daniel@...nf.net> wrote:
> Just wanted to bring attention to an issue with systemd not doing what is expected when parsing the User that should run a service.
> When it fails to parse a string starting with a digit, it falls back to root, causing an obvious threat to security.
>
> See discussion with developer on github: https://github.com/systemd/systemd/issues/6237

Point 1 from https://github.com/systemd/systemd/issues/6237#issuecomment-312479534
seems to be a problem:

> systemd is not the one coming up with the restrictions on user names,
> and while some distributions are less restrictive, many do enforce the
> same restrictions as we do. In order to make systemd unit files
> portable between systems we'll hence enforce something that
> resembles more the universally accepted set, rather than accept the
> most liberal set possible.

systemd is effectively setting policy where it has no business doing so.

Jeff
