Vulnerability Discovered In Latest Ubuntu Distributions, Users Advised To Update (ubuntu.com)
Celarent Darii writes: There is a vulnerability in the latest Ubuntu distributions due to the DNS resolver included in systemd. The inclusion of the DNS resolver was lamented by many on the mailing list, not without cause. All are advised to update their distribution.
Proof that Linux is just as insecure as Windows! (Score:2, Funny)
Re: Proof that Linux is just as insecure as Window (Score:1)
Finally, the proof! When we arrest Linus, should it be the death sentence or just prison for life?
Re: (Score:3)
Re: (Score:2)
Won't get that past the 8th amendment.
Re: Proof that Linux is just as insecure as Windo (Score:1, Funny)
fuck beta
Re: (Score:2)
Guess again. Ubuntu is the most popular Linux server distro.
http://www.serverwatch.com/col... [serverwatch.com]
Re: (Score:1)
This bug affects 17.04 and 16.10; nothing critical should be running on non-LTS releases anyway.
Re: (Score:2)
And they don't just update willy-nilly to the latest distro. You update too quickly, you know you're really a canary in a cage. So the "solution" is to update again? I'd roll back to the previous version of whatever you were using and wait a bit.
But hey, useful fools and all that ...
Re:Linux might become as insecure as Windows! (Score:1)
The problem isn't with Linux, it's with systemd. I do use a distro that unfortunately uses systemd. I was actually surprised at how fast systemd infected so many distributions when so many people seemed to complain about it. There seemed to be a lot of arguments over at Debian, so much that a group of those involved left to create a fork of Debian. I haven't had any problems with it yet, but I am wary of it, and how it goes against what Linux is.
lotta that going around lately (Score:2)
Re: (Score:2)
Re: (Score:1)
Indeed.
I have fond memories for example of how Gnome once decided to remake their desktop environment into little more than a wallpaper, and kept it like that, utterly unusable, for what, two years, all in the name of "goodness".
Arrogant turds.
Re: (Score:1, Insightful)
Interestingly enough, everyone who argued against systemd has been validated. Systemd is a cancer and should be eradicated from all distributions. Systemd is an active effort to fuck over Linux to be more like Windows. As systemd continues to be used, Linux continues to become as broken, dysfunctional, and unsecure as Windows.
Only the dumb of the dumb actually champion systemd.
what a horrible dns resolver (Score:1)
I had nothing but issues and uninstalled it and went back to dnsmasq... not a problem since. I wish they would just quit throwing the kitchen, bathroom, outside sinks into this mess.
Re: (Score:1)
Hossssssst filessssss... Preciousssssssss....
Re:what a horrible dns resolver (Score:5, Insightful)
What problem do the systemd guys think that they're solving by adding a half-assed dns resolver to systemd? Is it just because they can't stand to have any software that's not under their direct control?
Re: (Score:1)
Really half assed - I changed to dnsmasq then changed distro because of the mess DNS is in 17.04 - worst Ubuntu release since switching from Redhat to Ubuntu about 10 years ago and all down to this single issue (and tbh one of the worst issues of breakage of something that previously worked I've seen in nearly 25 years of Linux experience).
Changing one of the most critical subsystems seems to have been done with little testing (esp home use not with corporate dns) and lack of attention to bug reports during
Re: (Score:1)
I believe it is that they have by now gotten away with so many bad decisions, crappy design and broken implementation, that they think they cannot be touched. Considering the extreme stupidity evident in the adoption of systemd as main init system in many distros, they have a point.
Re: (Score:1)
Such as embedding the Google DNS addresses into the make file of the SystemD compile script - yea really. Have these people any idea of the security implications of embedding a fixed IP address into the DNS resolver? For instance disabling the local DNS server, blocking 8.8.8.8 and firing up your own box at 8.8.8.8. What F*****G genius thought of this particular hack? "This setting is hence only used if no other DNS server info
Re: (Score:2)
Fascinating. It really does not get much more clueless than this.
I'm amazed! (Score:3, Funny)
No kidding. Do all of you folks see my amazed look? :/
B.t.w. does anybody know if systemd already ships its own OS?
Re:I'm amazed! (Score:5, Informative)
Re: (Score:1)
Re: I'm amazed! (Score:2, Insightful)
Although systemd is developed by a clique of Redhat engineers, Redhat distros themselves are so laughably out of date it's likely we will see them suffer from this vulnerability, just in 5 years time.
Poettering strikes again (Score:5, Funny)
I think systemd is a Microsoft plant. It's basically INI files for Linux. Next week he'll upgrade us all to a 'central registry' and you'll need a GUI to edit it.
Re: (Score:3)
Re:Poettering strikes again (Score:4, Informative)
Some are yes, others are complex Turing complete and others follow the INI style. Look e.g. at /etc/openal/alsoft.conf, /etc/subversion/config, /etc/couchdb/local.ini, or why not any of the .desktop files in /usr/share/applications/.
INI style are not bad just because MS happened to use them a lot in MS-DOS, AFAIK there isn't even anything that points to MS being the inventors of the format, just that they used them system until they came up with their horrid registry.
Re: (Score:2)
They're what tell you that you're looking at an INI file.
Re: (Score:1)
Poettering: Dbus should move to SystemD.
Dbus developers: How do we get Dbus working under SystemD?
Poettering: That's low level stuff, we don't have the skills, besides that's not my problem.
--
See also what SystemD does to
Re: (Score:2)
I have seen many trolls in my lifetime, but I don't think I've ever seen one as sad and pathetic as this.
You must be new here.
At least for 14.04, the article is full of crap (Score:1)
Too many people lie to hurt Linux because they're corporate shills or just simply hate freedom. The newest version of systemd that we make available for 14.40 is 229-4ubuntu17. This idiot lies and claims that 231-9ubuntu5 fixes the problem. That version does not exist. The attacks from people like Oracle and Microsoft are getting more desperate. Their constant spew of hate must be working because they're investing more money in paying these people to spew more lies.
Who the hell let the PulseAudio dev near init? (Score:1, Interesting)
PulseAudio is a flaky disaster as is the developer behind it. But systemd is scaled up full retard. Who, in their right mind, thinks, "Gee, I should plop my own homegrown DNS resolver into my system service startup tool. Nothing could go wrong with that." Let's forget that BIND went through many painful years of vulnerability management.
Re: (Score:1)
Meh. I know you're trolling, but I'm bored and feel like rambling.
I'd avoided PulseAudio for the longest time. I had like over a second of lag for anything I played through it. Nothing I could do to fix it. That was back when we had to use something because OSS would only let one process play sound at a time (unless your card had multiple DSPs) and for most of us that was aRts or ESD. Then ALSA came along with dmix and all was good.
(I've also used JACK, mostly as an effects box for guitar, but if you j
Re: (Score:2)
Incompetence coupled with extreme arrogance. The same old story all over again, although the morons that decided that systemd is ready for mainstream usage are the truly "special" ones here. There are a lot of incompetent coders out there and the Poettering-cabal was _known_ to be incompetent before, but instead of simply ignoring this broken mess and the cretins behind it, they had to make it the default init-system and apparently now default everything else.
Systemd again??? (Score:1)
Systemd is just a piece of crap. It's slow, bloated, broken, and a security hole waiting to be exploited. I propose that all Linux distros revert back to init.d and dispose of this garbage code at a Microsoft coding camp.
Dare I say it? (Score:5, Insightful)
Here goes: systemd, the cause of all modern Linux problems.
systemd is completely backward in how Unix systems are built. You're supposed to have tiny programs do one job and do it well. systemd is a huge monolith that's assimilating everything on its path.
Wait, why does that sound familiar?
Anyone know if the authors of systemd are getting paid by Microsoft, by any chance?
Re: (Score:1)
The grand irony here is at the same time MS is going in the opposite direction. Many things in Windows are now being handled by "tiny programs do one job and do it well".
Reconfiguring Windows Server via the fancy GUI? It is quite literally a front-end to a bunch of Powershell commands, I shit you not.
Re:Dare I say it? (Score:5, Informative)
I'm not saying that systemd is the answer, but... the old init system worked great if all you ever needed was an init system. That is to say your machine got everything plugged in on boot, always on a wired network and always on AC. The only thing you need the init system for was to get you from cold hardware to a running state, then it could declare "my work here is done" and go into retirement until it was time for shutdown. For some people that's all they need, good for you. Anything dynamic has been a mess. Suspend/resume/hibernate, hot-plugging/unplugging, wired/wireless, connected/not connected to network, AC/battery, power management, docked/undocked, switchable graphics, the list goes on and on.
The track record is not much better when it comes to shared resources like window managers, composited desktops, sound cards etc. that need some kind of mediator like a compositor or sound server. You can of course say that every application should solve this on their own, but the truth is that we know they don't and there's a huge patchwork of solutions that try to make applications play nice, often competing so this application will only work with that system-level service. I can understand that you don't want to support two init systems (SysV, systemd), four sound servers (PulseAudio, ALSA, Jack, OSS), two window managers (X11, Wayland) and so on.
For this you want a modern POSIX, call it an "application execution environment" if you will. A running mediator between the applications and their surroundings, not just at boot but as long as the machine has power. Maybe this could be solved by a hundred small services of various kinds or at least that it's a better solution than one gigantic mess. But to pretend it's all working great is something of an exaggeration, to say the least.
Re:Dare I say it? (Score:5, Insightful)
The problem with systemd is the half-assed assimilation of more and more system functions.
It's not just DNS resolvers, either. I've had issues with systemd's own (very incomplete) SNTP client, which is used instead of more mature and robust clients. Why do they keep reinventing the wheel in such a sloppy way?
Re: (Score:2)
I'm not saying that systemd is the answer, but... the old init system worked great if all you ever needed was an init system. That is to say your machine got everything plugged in on boot, always on a wired network and always on AC. The only thing you need the init system for was to get you from cold hardware to a running state, then it could declare "my work here is done" and go into retirement until it was time for shutdown. For some people that's all they need, good for you. Anything dynamic has been a mess. Suspend/resume/hibernate, hot-plugging/unplugging, wired/wireless, connected/not connected to network, AC/battery, power management, docked/undocked, switchable graphics, the list goes on and on.
I don't need all of that.
When I want a working implementation of that, I just buy a MacBook and run macOS.
Or run Windows, which also exists.
I just need a server that doesn't shit itself between patch-runs, reboots and that doesn't f' up things that worked quite well for a decade (and continue to work quite well on OSs that didn't let an amateur design such a thing (which incidentally is also how Mac OS X got it right: they got people from NeXT and the guy who co-founded the FreeBSD project to head their Uni
Re: (Score:2)
Your entire post is a paean for a two-track solution: a sane, modular solution for servers (already extant), and a convenience solution for mobile devices (if under "convenience" one accepts that some, or many, or most reboots might not be optional).
Slashdot is precisely that forum which caters first of all to the former group.
Yeah? Slashdot was fou
Re: (Score:2)
You're supposed to have tiny programs do one job and do it well.
emacs would like to have a word with you.
What else will I get with the update? (Score:2)
What else can I look forward to if I download this update?
Re: (Score:2)
Yep, and finally their names will be predictable(*)
(*) Predictable for software(**), not for humans.
(**) Provided the software knows all sorts of details, like, where exactly on what bus the NIC is attached, and so on(***).
(***) i.e. essentially unpredictable(****) for software and for humans.
(****) But we refer to it as "predictable(TM)" anyway.
For those keeping track... (Score:2, Funny)
SystemD has 617 issues open [github.com] and there is no sign of all issues being resolved this decade. [in.waw.pl]
Re: (Score:1, Troll)
Going for funny but lacking the insightful part. Systemd is still massively growing in use meaning the number of people available to discover issues is ever increasing as will the infant bugs. It is not yet "mature" and probably the biggest valid complaint is how many distros shipped it so early.
That graph is the infant graph of every project. The only things that are different is the scales, but then unless you've worked on a massive multi-year piece of software you wouldn't recognise it.
They need help.
Wha
Re:For those keeping track... (Score:5, Interesting)
That graph is the infant graph of every project
Sure... except that systemd has been around for seven years. It's not maturing because it's always expanding.
They need help.
I agree, they are a rudderless boat that runs into other projects and absorbs them. What they need is vision but the project leaders are blind mice in a maze with no finish line. I cannot help them because they will not accept one of their ideas being rejected.
What are YOU doing to help them? There's 617 things you could be working on.
I've been writing a properly designed replacement to dislodge systemd. It's portable, superior but most importantly it follows the UNIX design philosophy. However, I will not be an enabler of those who work on systemd by cleaning up their messes for the next 30 years.
Open source software is evolutionary and systemd too will go the way of the dinosaurs.
Re: (Score:2)
That graph is the infant graph of every project
Sure... except that systemd has been around for seven years. It's not maturing because it's always expanding.
And that is just it: They are making one of the worst beginner's mistakes. And that they are still beginners after 7 years shows that there is something fundamentally wrong with them. The usual explanation is incompetence coupled with arrogance, and it does seem to fit well here. The incompetence makes them beginners and the arrogance prevents them from learning. In addition, they are also uneducated, as Brooks described the things they are doing wrong about 40 years ago.
Re: (Score:2)
And that they are still beginners after 7 years shows that there is something fundamentally wrong with them.
Why don't you try and code a fundamental part of an OS that is attempting to manage every other part of the OS, then we'll see how long you take.
Re: (Score:3)
Why would I try to do something _this_ stupid?
Re: (Score:2)
That graph is the infant graph of every project
Sure... except that systemd has been around for seven years. It's not maturing because it's always expanding.
They even made a game about systemd:
http://agar.io/ [agar.io]
Re: (Score:2)
Sure... except that systemd has been around for seven years.
And it has been in wide circulation for less than 3. I see you've never worked on a major piece of software before.
Re: (Score:2)
Major or minor is irrelevant. What's relevant here is the design or rather the lack thereof. I could argue the specifics but I don't think you have looked at the code. If you actually want to know more about the design of systemd, here's a basic explanation of how its core works. [darknedgy.net]
Re: (Score:2)
I will certainly not help a project that was fundamentally broken from the start, because its main developers are known incompetents with bad personalities that do not understand the Unix-philosophy at all. If I want to run something made by clueless morons, I just boot Windows, no need to replicate the same lack of understanding on Linux.
Re: (Score:2)
Yeah. It's fundamentally broken, that's exactly why the technical committees of all major distributions have adopted it. It's just as fundamentally broken as Windows, the OS that runs the entire world.
Yep they've totally done goofed. How silly of them.
p.s. You're an idiot.
Re: (Score:2)
I do not even need to comment on this. You made it amply clear who the idiot here actually is.
Re: (Score:2)
We have the most issues! Other projects cannot compete, so sad.
/. is pretty predictable (Score:2, Insightful)
When I read the story, I immediately thought "Half the comments will be about Petya, the other half will lament how systemd is the spawn of hell".
I was not disappointed.
News? (Score:1, Insightful)
Re: (Score:1)
It's news because it's a vulnerability in a systemd component and Slashdot loves a good systemd story.
Re: (Score:3)
A vulnerability is found, update your system. How is that news?
There's three types of vulnerabilities that make the news here:
1) Windows vulnerabilities - because Slashdot loves a good laugh.
2) Linux vulnerabilities - because Slashdot loves freaking out.
3) Systemd vulnerabilities - because Slashdot loves thinking they were right and systemd is evil.
This is a 2 out of 3. I suspect by the morning there will be 900 comments and the Slashdot mobile interface will rate this as the story with the most interest and activity, ... errr I mean the most ad revenue.
Re: (Score:2)
the story with the most interest and activity, ... errr I mean the most ad revenue.
Beat me to it. Systemd articles generate page views. We know this, yet here we are, contributing to the dumpster fire.
Yes, News! (Score:4, Interesting)
The news is clear, Shill.
The news here is that systemd, in its usual 'we know better than anyone, even though we have very very little experience' way replaced perfectly functional systems for the most dubious of reasons (usually 'because we want to make them different, and cannot even be bothered raising our reasons with maintainers of existing solutions because then we may need to rationalise what we want'), and went away and implemented a system broken in a way SO foolish that the existing solutions have addressed exactly these issues decades ago.
Not to mention the fact that they have worked hard to try and make it unavoidable that ALL Linux solutions will end up with the problems caused by their basic ignorance by making systemd basically indispensable.
Clear enough? Or perhaps you think a trivially exploitable and almost indefensible DNS bug, along with a file system wiping bug (the good old rm ../...) are just minor bumps on the road to nirvana?
Of course the clear and obvious REASON for systemd is a power grab by RedHat to give them control of the Linux 'standard'. It is unfortunate that they cannot see past their own grab at power to see how damaging such an approach is to the robustness of Linux itself - they must turn away, stick their fingers in their ears, and sing 'la la la la, won't happen to us, la la la la' loudly to themselves each time a big windows exploit drops these days. Because that is the endpoint of the path they are following.
Oh well (Score:1)
Linus doesn't care (Score:2)
Please, do not use systemd (Score:4, Insightful)
Switch to slackware, devuan, gentoo...
After all Linux is still a few percentage of desktop, no need to install Debian derivative
We are competent admins, are we not?
Yes, it is painful to see such a great distro being overtaken by such a crap software.
Live long and prosper
Re: (Score:1)
> Switch to slackware, devuan, [...] no need to install Debian derivative
You do realise that Devuan is advertised as systemd-free Debian, right?
Finally... The year of the Linux Desktop (Score:2)
Finally, we may be seeing the year of the Linux Desktop... ...Malware.
Already updated, as usual (Score:2)
Whenever I see one of these vulnerability notices, I always go to check/update my system, and I always find that my system has installed the fix itself, automatically. Honestly, it's really quite impressive. Nothing like the proprietary worlds. Thanks, Ubuntu, Debian, and the systemd teams!
Reinventing the wheel = reinventing all the bugs (Score:1)
Shitstemd apologists are too stupid to understand that by reinventing all these wheels also means reinventing all the bugs that have been long encountered and fixed in mature and stable code that shitstemd the project wants to reinvent.
It doesn't matter if resolved is not part of the init, or not part of PID 1. It's part of the project and idiot maintainers are including it because they have zero clue about the software they're maintaining. They opted for systemd because unit files are easier to maintain th
Just Ubuntu? (Score:2)
If so, those guys introduced a bug into a working package.
If not, those guys introduced a buggy package in a working environment.
Blame those guys!
Redhat... (Score:1)
There's all this whining about systemd and comparing it to Microsoft but comparing Redhat to Microsoft seems more appropriate, no?
Re: (Score:2)
When I think of Microsoft I think giant anti-competitive sneaky dirty tricks, such as embrace and extend, a.k.a make a new friend, stab him in the back, move into his house, and sleep with his wife.
I'm not seeing anything on the scale of MS's standard playbook going on anywhere in the Linux world.
A nothing burger! (Score:2)
Talk about a "nothing burger" ... this is one!
The fix? Merely a standard "sudo apt upgrade & sudo apt full-upgrade", something most users of Ubuntu & its derivatives do with automatic updates.
This vulnerability doesn't affect Ubuntu LTS (Score:2)
Just be aware that if you're running a LTS [ubuntu.com] version of Ubuntu, it doesn't have this vulnerability.
As per the linked article, this issue affects Ubuntu 17.04 & Ubuntu 16.10. The most recent LTS release [ubuntu.com] is 16.04.
Lennart from RedHat _Desktop_ team, rules over eve (Score:1)