Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Jul 2017 22:12:11 -0400
From: Jeffrey Walton <noloader@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: systemd fails to parse user that should run service

On Sun, Jul 2, 2017 at 5:08 AM, Daniel SkowroĊ„ski <daniel@...nf.net> wrote:
> Just wanted to bring attention to issue with systemd not doing what is expected when parsing User that should run service.
> When it fails to parse string starting with digit it fails back to root causing obvious threat to security.
>
> See discussion with developer on github: https://github.com/systemd/systemd/issues/6237

Point 1 from https://github.com/systemd/systemd/issues/6237#issuecomment-312479534
seems to be a problem:

> systemd is not the one coming up with the restrictions on user names,
> and while some distributions are less restrictive, many do enforce the
> same restrictions as we do. In order to make systemd unit files
> portable between systems we'll hence enforce something that
> resembles more the universally accepted set, rather than accept the
> most liberal set possible.

systemd is effectively setting policy where it has no business doing so.

Jeff

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.