Security flaw found in systemd

Chat about Linux in general
User avatar
thx-1138
Level 6
Level 6
Posts: 1273
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Security flaw found in systemd

Post by thx-1138 » Sun Oct 28, 2018 10:04 pm

Schultz wrote:
Sun Oct 28, 2018 8:41 pm
Pjotr wrote:
Security flaws are being discovered, and fixed, on an almost daily basis.
That's true, but are we to see this more often since systemd seems to be hooked into just about everything? (I don't mean that in a carte blanche way, so nobody jump all over me about it.)
No, not really. As an example, the comments in this reddit thread can explain such way better than i can with my relatively limited command of the English language.

Ie. at 'worst' case (not really), exactly because systemd is currently the most widely deployed init out there,
it means more automated fuzzing & obviously manual bug-testing will take place against it.
In that sense, yes, chances are that you / me / everyone will hear more frequently about this or that.
And as such, eventually, can only mean it will become even more secure.
Furthermore, say in order to 'vulgarize' even further...
the above was discovered by a guy working in the Google Security team:
that's because apparently they use it in their products / internally, hence the reason they extensively check such...
Had it been an obscure or non-mainstream init (and/or dhcp6 client), such could have gone undetected for way longer...

mediclaser
Level 3
Level 3
Posts: 161
Joined: Tue Mar 20, 2018 2:28 pm

Re: Security flaw found in systemd

Post by mediclaser » Mon Oct 29, 2018 2:51 pm

DAMIEN1307 wrote:
Sat Oct 27, 2018 6:38 pm
hi schultz, heres the procedure to disable IPV6.

Code: Select all

gksudo xed /etc/default/grub
Edit the bold face line that starts as "GRUB_CMDLINE_LINUX_DEFAULT"...by deleting it and putting this one in its place

Code: Select all

 GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
X out and "save" when prompted to do so

Then in terminal

Code: Select all

sudo update-grub


Then: Reboot

Test

Code: Select all

test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
if this comes back with no response, you have succeeded.
I tried this on LMDE 3, and it did not work. Is this for Ubuntu based distros only?
Having a Linux operating system is just like driving a car -- you learn something new everyday.

User avatar
trytip
Level 8
Level 8
Posts: 2484
Joined: Tue Jul 05, 2016 1:20 pm

Re: Security flaw found in systemd

Post by trytip » Mon Oct 29, 2018 5:18 pm

@mediclaser
does your LMDE3 the boot from it's own partition? can you show some proof that it doesn't work ?
Image

mediclaser
Level 3
Level 3
Posts: 161
Joined: Tue Mar 20, 2018 2:28 pm

Re: Security flaw found in systemd

Post by mediclaser » Mon Oct 29, 2018 5:44 pm

trytip wrote:
Mon Oct 29, 2018 5:18 pm
@mediclaser
does your LMDE3 the boot from it's own partition? can you show some proof that it doesn't work ?
This is what I get after following those steps (including reboot):

Code: Select all

medic@lmde3-111:~$ test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
Running kernel is IPv6 ready
Having a Linux operating system is just like driving a car -- you learn something new everyday.

User avatar
trytip
Level 8
Level 8
Posts: 2484
Joined: Tue Jul 05, 2016 1:20 pm

Re: Security flaw found in systemd

Post by trytip » Mon Oct 29, 2018 5:59 pm

mediclaser wrote:
Mon Oct 29, 2018 5:44 pm
trytip wrote:
Mon Oct 29, 2018 5:18 pm
@mediclaser
does your LMDE3 the boot from it's own partition? can you show some proof that it doesn't work ?
This is what I get after following those steps (including reboot):

Code: Select all

medic@lmde3-111:~$ test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
Running kernel is IPv6 ready
did you run sudo update-grub or equivalent command for debian after editing? you didn't answer if your debian boots from it's own partition or from another
Image

mediclaser
Level 3
Level 3
Posts: 161
Joined: Tue Mar 20, 2018 2:28 pm

Re: Security flaw found in systemd

Post by mediclaser » Mon Oct 29, 2018 6:36 pm

trytip wrote:
Mon Oct 29, 2018 5:59 pm
...did you run sudo update-grub or equivalent command for debian after editing? you didn't answer if your debian boots from it's own partition or from another
Oh, sorry I forgot to answer that question. The booting partition belongs to another distro (MX-17). Yes I did update the grub as per instruction.
Having a Linux operating system is just like driving a car -- you learn something new everyday.

User avatar
trytip
Level 8
Level 8
Posts: 2484
Joined: Tue Jul 05, 2016 1:20 pm

Re: Security flaw found in systemd

Post by trytip » Mon Oct 29, 2018 10:52 pm

@mediclaser
ok, you need to edit the etc/default/grub.conf on root partition of your mx17. so boot your mx-17 and edit your etc/default/grub.conf. did you do that in your mx-17? and don't forget the sudo update-grub
Image

User avatar
trytip
Level 8
Level 8
Posts: 2484
Joined: Tue Jul 05, 2016 1:20 pm

Re: Security flaw found in systemd

Post by trytip » Tue Oct 30, 2018 12:27 am

for those that disable ipv6 and have edited /etc/hosts file with ipv6 entries you'll need to comment out the ipv6 entries. you can still have dual ipv4/ipv6 entries for blocking trackers and advertisers but the top part needs to be ipv6 free. also delete any ipv6 DNS you have in NetworkManager

Code: Select all

127.0.0.1       localhost
127.0.0.1       localhost.localdomain
255.255.255.255 broadcasthost
127.0.1.1       mint
#::1             localhost
#::1             localhost.localdomain
127.0.0.1       local

# The following lines are desirable for IPv6 capable hosts
#::1             ip6-localhost ip6-loopback
#fe00::0         ip6-localnet
#ff00::0         ip6-mcastprefix
#ff02::1         ip6-allnodes
#ff02::2         ip6-allrouters
#ff02::3         ip6-allhosts
#fe80::1%lo0	localhost
Image

mediclaser
Level 3
Level 3
Posts: 161
Joined: Tue Mar 20, 2018 2:28 pm

Re: Security flaw found in systemd

Post by mediclaser » Tue Oct 30, 2018 10:26 am

trytip wrote:
Mon Oct 29, 2018 10:52 pm
@mediclaser
ok, you need to edit the etc/default/grub.conf on root partition of your mx17. so boot your mx-17 and edit your etc/default/grub.conf. did you do that in your mx-17? and don't forget the sudo update-grub
The etc/default/grub.conf does not exist. Should I create one?
Having a Linux operating system is just like driving a car -- you learn something new everyday.

gm10
Level 13
Level 13
Posts: 4584
Joined: Thu Jun 21, 2018 5:11 pm

Re: Security flaw found in systemd

Post by gm10 » Tue Oct 30, 2018 10:29 am

mediclaser wrote:
Tue Oct 30, 2018 10:26 am
The etc/default/grub.conf does not exist. Should I create one?
No, he meant /etc/default/grub, you've got that one.

mediclaser
Level 3
Level 3
Posts: 161
Joined: Tue Mar 20, 2018 2:28 pm

Re: Security flaw found in systemd

Post by mediclaser » Tue Oct 30, 2018 10:41 am

gm10 wrote:
Tue Oct 30, 2018 10:29 am
mediclaser wrote:
Tue Oct 30, 2018 10:26 am
The etc/default/grub.conf does not exist. Should I create one?
No, he meant /etc/default/grub, you've got that one.
I did that too and it did not work neither. Could it be my multiboot setup preventing it? The only partition it did work OK on is the Mint 19. All the rest returned the "Running kernel is IPv6 ready" after the test.
Here is my multiboot setup:

Code: Select all

/dev/sda1   System Reserved
/dev/sda2   Windows 7
/dev/sda5   Linux Mint 19 Cinnamon
/dev/sda6   MX-17 (boot partition)
/dev/sda7   LMDE 3
/dev/sda8   Debian 9.5 stretch 
/dev/sda9   Linux Mint 18.3 Xfce
/dev/sda10  swap
/dev/sda11  data
Having a Linux operating system is just like driving a car -- you learn something new everyday.

gm10
Level 13
Level 13
Posts: 4584
Joined: Thu Jun 21, 2018 5:11 pm

Re: Security flaw found in systemd

Post by gm10 » Tue Oct 30, 2018 10:44 am

mediclaser wrote:
Tue Oct 30, 2018 10:41 am
Could it be my multiboot setup preventing it?
Maybe the older debian kernels don't support that parameter. I don't know, never looked into it, never felt a need to disable ip6 at kernel level.

User avatar
trytip
Level 8
Level 8
Posts: 2484
Joined: Tue Jul 05, 2016 1:20 pm

Re: Security flaw found in systemd

Post by trytip » Tue Oct 30, 2018 12:03 pm

mediclaser wrote:
Tue Oct 30, 2018 10:26 am
trytip wrote:
Mon Oct 29, 2018 10:52 pm
@mediclaser
ok, you need to edit the etc/default/grub.conf on root partition of your mx17. so boot your mx-17 and edit your etc/default/grub.conf. did you do that in your mx-17? and don't forget the sudo update-grub
The etc/default/grub.conf does not exist. Should I create one?
ok, can you post /boot/grub/grub.cfg from the partition that controls your booting. if debian is your boot loader then gimme that. if mint control your boot then that's the one i need to see. (we'll leave etc/default/grub.conf alone for now)
Image

redlined
Level 4
Level 4
Posts: 303
Joined: Wed Jun 06, 2018 8:12 pm
Location: Mile High, Green State (Denver, CO:)

Re: Security flaw found in systemd

Post by redlined » Tue Oct 30, 2018 12:29 pm

trytip wrote:
Tue Oct 30, 2018 12:27 am
for those that disable ipv6 and have edited /etc/hosts file with ipv6 entries you'll need to comment out the ipv6 entries. you can still have dual ipv4/ipv6 entries for blocking trackers and advertisers but the top part needs to be ipv6 free. also delete any ipv6 DNS you have in NetworkManager
That's what was needed. Thank you for this trytip!
Moem kōan 42: Should tool manufacturers be required to fix their products so that you cannot use their saws to cut the tree branch that you're sitting on?

(The answer to the ultimate question of life, the universe and everything is... 42!!;)

mediclaser
Level 3
Level 3
Posts: 161
Joined: Tue Mar 20, 2018 2:28 pm

Re: Security flaw found in systemd

Post by mediclaser » Tue Oct 30, 2018 1:30 pm

trytip wrote:
Tue Oct 30, 2018 12:03 pm
mediclaser wrote:
Tue Oct 30, 2018 10:26 am
trytip wrote:
Mon Oct 29, 2018 10:52 pm
@mediclaser
ok, you need to edit the etc/default/grub.conf on root partition of your mx17. so boot your mx-17 and edit your etc/default/grub.conf. did you do that in your mx-17? and don't forget the sudo update-grub
The etc/default/grub.conf does not exist. Should I create one?
ok, can you post /boot/grub/grub.cfg from the partition that controls your booting. if debian is your boot loader then gimme that. if mint control your boot then that's the one i need to see. (we'll leave etc/default/grub.conf alone for now)
The partition that controls the booting, is it the one reported by sudo fdisk -l or the one which the most recently installed distro resides in?
Having a Linux operating system is just like driving a car -- you learn something new everyday.

User avatar
trytip
Level 8
Level 8
Posts: 2484
Joined: Tue Jul 05, 2016 1:20 pm

Re: Security flaw found in systemd

Post by trytip » Tue Oct 30, 2018 2:00 pm

mediclaser wrote:
Tue Oct 30, 2018 1:30 pm
The partition that controls the booting, is it the one reported by sudo fdisk -l or the one which the most recently installed distro resides in?
from your post it seems /dev/sda6 MX-17 (boot partition) is your bootloader so post the /boot/grub/grub.conf from your mx-17

you're making things much more complicated then they are. when you turn on your computer and get to grub menu, what's the first/top entry of your menu?
Image

mediclaser
Level 3
Level 3
Posts: 161
Joined: Tue Mar 20, 2018 2:28 pm

Re: Security flaw found in systemd

Post by mediclaser » Tue Oct 30, 2018 2:10 pm

trytip wrote:
Tue Oct 30, 2018 2:00 pm
mediclaser wrote:
Tue Oct 30, 2018 1:30 pm
The partition that controls the booting, is it the one reported by sudo fdisk -l or the one which the most recently installed distro resides in?
from your post it seems /dev/sda6 MX-17 (boot partition) is your bootloader so post the /boot/grub/grub.conf from your mx-17

you're making things much more complicated then they are. when you turn on your computer and get to grub menu, what's the first/top entry of your menu?
Linux Mint 19 is the first entry. But fdisk reports the MX-17 partition as the location of the boot. The content of the /boot/grub/grub.conf is very long, so I have to make sure I get the correct one before I post a clutter in this thread. :)
Having a Linux operating system is just like driving a car -- you learn something new everyday.

Post Reply

Return to “Chat about Linux”