Security flaw found in systemd

[thx-1138]

Pjotr wrote:
Security flaws are being discovered, and fixed, on an almost daily basis.

That's true, but are we to see this more often since systemd seems to be hooked into just about everything? (I don't mean that in a carte blanche way, so nobody jump all over me about it.)

No, not really. As an example, the comments in this reddit thread can explain such way better than i can with my relatively limited command of the English language.

Ie. at 'worst' case (not really), exactly because systemd is currently the most widely deployed init out there,
it means more automated fuzzing & obviously manual bug-testing will take place against it.
In that sense, yes, chances are that you / me / everyone will hear more frequently about this or that.
And as such, eventually, can only mean it will become even more secure.
Furthermore, say in order to 'vulgarize' even further...
the above was discovered by a guy working in the Google Security team:
that's because apparently they use it in their products / internally, hence the reason they extensively check such...
Had it been an obscure or non-mainstream init (and/or dhcp6 client), such could have gone undetected for way longer...

[mediclaser]

hi schultz, heres the procedure to disable IPV6.

Code: Select all

gksudo xed /etc/default/grub

Edit the bold face line that starts as "GRUB_CMDLINE_LINUX_DEFAULT"...by deleting it and putting this one in its place

Code: Select all

 GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

X out and "save" when prompted to do so

Then in terminal

Code: Select all

sudo update-grub

Then: Reboot

Test

Code: Select all

test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"

if this comes back with no response, you have succeeded.

I tried this on LMDE 3, and it did not work. Is this for Ubuntu based distros only?

[trytip]

@mediclaser
does your LMDE3 the boot from it's own partition? can you show some proof that it doesn't work ?

[mediclaser]

@mediclaser
does your LMDE3 the boot from it's own partition? can you show some proof that it doesn't work ?

This is what I get after following those steps (including reboot):

Code: Select all

medic@lmde3-111:~$ test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
Running kernel is IPv6 ready

[trytip]

@mediclaser
does your LMDE3 the boot from it's own partition? can you show some proof that it doesn't work ?

This is what I get after following those steps (including reboot):

Code: Select all

medic@lmde3-111:~$ test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
Running kernel is IPv6 ready

did you run sudo update-grub or equivalent command for debian after editing? you didn't answer if your debian boots from it's own partition or from another

[mediclaser]

...did you run sudo update-grub or equivalent command for debian after editing? you didn't answer if your debian boots from it's own partition or from another

Oh, sorry I forgot to answer that question. The booting partition belongs to another distro (MX-17). Yes I did update the grub as per instruction.

[trytip]

@mediclaser
ok, you need to edit the etc/default/grub.conf on root partition of your mx17. so boot your mx-17 and edit your etc/default/grub.conf. did you do that in your mx-17? and don't forget the sudo update-grub

[trytip]

for those that disable ipv6 and have edited /etc/hosts file with ipv6 entries you'll need to comment out the ipv6 entries. you can still have dual ipv4/ipv6 entries for blocking trackers and advertisers but the top part needs to be ipv6 free. also delete any ipv6 DNS you have in NetworkManager

Code: Select all

127.0.0.1       localhost
127.0.0.1       localhost.localdomain
255.255.255.255 broadcasthost
127.0.1.1       mint
#::1             localhost
#::1             localhost.localdomain
127.0.0.1       local

# The following lines are desirable for IPv6 capable hosts
#::1             ip6-localhost ip6-loopback
#fe00::0         ip6-localnet
#ff00::0         ip6-mcastprefix
#ff02::1         ip6-allnodes
#ff02::2         ip6-allrouters
#ff02::3         ip6-allhosts
#fe80::1%lo0	localhost

[mediclaser]

@mediclaser
ok, you need to edit the etc/default/grub.conf on root partition of your mx17. so boot your mx-17 and edit your etc/default/grub.conf. did you do that in your mx-17? and don't forget the sudo update-grub

The etc/default/grub.conf does not exist. Should I create one?

[gm10]

The etc/default/grub.conf does not exist. Should I create one?

No, he meant /etc/default/grub, you've got that one.

[mediclaser]

The etc/default/grub.conf does not exist. Should I create one?

No, he meant /etc/default/grub, you've got that one.

I did that too and it did not work neither. Could it be my multiboot setup preventing it? The only partition it did work OK on is the Mint 19. All the rest returned the "Running kernel is IPv6 ready" after the test.
Here is my multiboot setup:

Code: Select all

/dev/sda1   System Reserved
/dev/sda2   Windows 7
/dev/sda5   Linux Mint 19 Cinnamon
/dev/sda6   MX-17 (boot partition)
/dev/sda7   LMDE 3
/dev/sda8   Debian 9.5 stretch 
/dev/sda9   Linux Mint 18.3 Xfce
/dev/sda10  swap
/dev/sda11  data

[gm10]

Could it be my multiboot setup preventing it?

Maybe the older debian kernels don't support that parameter. I don't know, never looked into it, never felt a need to disable ip6 at kernel level.

[trytip]

@mediclaser
ok, you need to edit the etc/default/grub.conf on root partition of your mx17. so boot your mx-17 and edit your etc/default/grub.conf. did you do that in your mx-17? and don't forget the sudo update-grub

The etc/default/grub.conf does not exist. Should I create one?

ok, can you post /boot/grub/grub.cfg from the partition that controls your booting. if debian is your boot loader then gimme that. if mint control your boot then that's the one i need to see. (we'll leave etc/default/grub.conf alone for now)

[redlined]

for those that disable ipv6 and have edited /etc/hosts file with ipv6 entries you'll need to comment out the ipv6 entries. you can still have dual ipv4/ipv6 entries for blocking trackers and advertisers but the top part needs to be ipv6 free. also delete any ipv6 DNS you have in NetworkManager

That's what was needed. Thank you for this trytip!

[mediclaser]

@mediclaser
ok, you need to edit the etc/default/grub.conf on root partition of your mx17. so boot your mx-17 and edit your etc/default/grub.conf. did you do that in your mx-17? and don't forget the sudo update-grub

The etc/default/grub.conf does not exist. Should I create one?

ok, can you post /boot/grub/grub.cfg from the partition that controls your booting. if debian is your boot loader then gimme that. if mint control your boot then that's the one i need to see. (we'll leave etc/default/grub.conf alone for now)

The partition that controls the booting, is it the one reported by sudo fdisk -l or the one which the most recently installed distro resides in?

[trytip]

The partition that controls the booting, is it the one reported by sudo fdisk -l or the one which the most recently installed distro resides in?

from your post it seems /dev/sda6 MX-17 (boot partition) is your bootloader so post the /boot/grub/grub.conf from your mx-17

you're making things much more complicated then they are. when you turn on your computer and get to grub menu, what's the first/top entry of your menu?

[mediclaser]

The partition that controls the booting, is it the one reported by sudo fdisk -l or the one which the most recently installed distro resides in?

from your post it seems /dev/sda6 MX-17 (boot partition) is your bootloader so post the /boot/grub/grub.conf from your mx-17

you're making things much more complicated then they are. when you turn on your computer and get to grub menu, what's the first/top entry of your menu?

Linux Mint 19 is the first entry. But fdisk reports the MX-17 partition as the location of the boot. The content of the /boot/grub/grub.conf is very long, so I have to make sure I get the correct one before I post a clutter in this thread.