Re: Embarrassing security bug in systemd
On Thu, Dec 07, 2017 at 12:18:30PM +1300, Ben Caradoc-Davies wrote:
> On 07/12/17 11:30, Roberto C. Sánchez wrote:
> > I too consider this a rather serious bug. However, I do not see any
> > evidence in the BTS [0] that such a bug has yet been reported against
> > systemd.
>
> Not a bug. We can file this one alongside "console user has access to
> keyboard". Where did I out that CVE?
>
Actually not. In my case I use GDM. I have a configuration directive
in /etc/gdm3/greeter.dconf-defaults as follows:
disable-restart-buttons=true
Since I have decided to let GDM manage graphical login and otherwise
depended on the fact that in order to reboot from a TTY or remote
session root permissions are required, I find systemd's behavior to be
buggy.
> Five seconds of Googling informed me that systemd-inhibit can be used to
> prevent shutdown. If you are absolutely sure that you want to wreck the
> well-thought-out privileges for console users, craft a polkit rule. If you
> only want to avoid accidents, install molly-guard.
>
This is not something that I should have to Google. I previously had a
working configuration that prevented halting or rebooting the system by
all non-root users. Then I upgraded, got systemd and it turns out that
my configuration has been silently broken for a very long time. The
fact that systemd does not respect conventions (i.e., must be root to
halt/reboot) or established configuration directives (i.e., in display
managers) should have at the very least been included in the release
notes.
This is the kind of nonsense that makes people dislike systemd. The
priviliges for console users were already well thought out *BEFORE*
systemd, then systemd came along and wrecked it. This is certainly not
the only example where systemd does something like this.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: