An Exploit In GNOME Shell With Systemd?


  • An Exploit In GNOME Shell With Systemd?

    Phoronix: An Exploit In GNOME Shell With Systemd?

    It looks like there might be a big bug in systemd-using GNOME Shell Linux systems...

    http://www.phoronix.com/vr.php?view=MTYwMzg

  • #2
    In before FUD...

    Reading some of the later comments on the bug there's two prevailing theories for this bug

    1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.

    2) It's actually a manifestation of multiple bugs all related to race conditions

    Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.


    • #3
      This reminds me of the Linux desktop screen lockers (KDE 2.x?) that were meant to keep other people out, but could be overridden by a logged out user with physical access to the PC and some button mashing. Eventually they fixed those.

      It looks like this requires physical access to the PC to force a hibernate. Not too serious.


      • #4
        Thanks for pointing up the bug, I'd seen a few confused reports of this in various places but hadn't been able to reproduce it with multiple tries from a clean F20 install, and hadn't happened across the bug report yet.


        • #5
          Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.


          • #6
            Originally posted by Ericg
            In before FUD...

            Reading some of the later comments on the bug there's two prevailing theories for this bug

            1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.

            2) It's actually a manifestation of multiple bugs all related to race conditions

            Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.
            It's also overly dramatic to call it an "exploit"... at worst, it's a candidate DoS attack, but one requiring either a root shell on the machine, or a compromised yum repo. In either case, the attacker can do a hell of a lot more damage than just exploiting a bug to force someone to reboot. It also has nothing to do with Gnome, other than it being the default desktop on Fedora - the bug seems to simply be locking out all authentication, affecting things like ssh as well.


            The claim about the bug allowing you to bypass screen locking comes from a single comment late in the bug discussion, and despite the commenter's belief, looks completely unrelated to this bug. Sounds more like a Shell crash... process died while locked, restarted in a clean state.


            • #7
              Originally posted by Marc Driftmeyer
              Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.
              I think that's the whole "default init" question again, isn't it? They can't push a newer version of Gnome, because that needs a recent logind, which needs either systemd as PID1, or something like systemd-shim that provides the same interfaces... both of which are blocking on the CTTE making some decisions around how to handle that situation.


              • #8
                As I mentioned on the bug, I think the primary problem is a downstream patch that has since been removed. All my reproduction cases went away after I reverted said patch. I don't know Fedora updates system but I think an update with the patch reverted was issued on Fedora and then pulled. Think it just needs reissued again to solve the vast majority of the problem. +Zbyszek Jedrzejewski-Szmek thinks there is still a race in there, but I'm not convinced (I sent a mail to him showing how the problem could happen with the bad patch (bouncing off bluetooth.service on my machine surprisingly!))
                -Colin Guthrie


                • #9
                  Race conditions, yay! I wish concurrency was easy.


                  • #10
                    I am one of the few people who have experienced this bug and I am not able to reproduce it any more, whatever I do. It does look like a rare race condition and it takes some time to chase it down. This article clearly exaggerates the scale of the problem and AFAIK there is no evidence that it is related to Gnome Shell.


                    • #11
                      Betteridge's law of headlines.


                      • #12
                        Originally posted by Ericg
                        bugs get created
                        I couldn't have said it better myself. Indeed, the very existence of systemd is nothing but one huge bug.


                        • #13
                          Originally posted by prodigy_
                          I couldn't have said it better myself. Indeed, the very existence of systemd is nothing but one huge bug.
                          And the very existence of prodigy_ is one big crusade to bring us back to the good old eighties. Back then software was simple and thus (?) bugfree. Mere mortals didn't dream of putting their sticky fingers where they didn't belong. Coders were real men with real beards.

                          Sarcasm aside, you must realise that your endless snide comments and doom-and-gloom-filled rants do not make you seem like the beacon of light and reason you seem to think you are. The fact people often tell you you're wrong does not prove you right, contrary to what Hollywood would have you believe.

                          Our operating systems and software stacks do change so quickly it's often frustrating for us developers, but more often than not it is for the better. Just chill and go with the flow. Give your nerves a break.


                          • #14
                            Originally posted by tuubi
                            And the very existence of prodigy_ is one big crusade to bring us back to the good old eighties. Back then software was simple and thus (?) bugfree. Mere mortals didn't dream of putting their sticky fingers where they didn't belong. Coders were real men with real beards.

                            Sarcasm aside, you must realise that your endless snide comments and doom-and-gloom-filled rants do not make you seem like the beacon of light and reason you seem to think you are. The fact people often tell you you're wrong does not prove you right, contrary to what Hollywood would have you believe.

                            Our operating systems and software stacks do change so quickly it's often frustrating for us developers, but more often than not it is for the better. Just chill and go with the flow. Give your nerves a break.
                            you know..
                            everything systemd does has been done at least 10 years ago, some things are even a lot older
                            it's just that for the new generation this all is new (yes, I'm the new generation too)

                            problem is the flow is going off a cliff


                            • #15
                              found article why systemd is broken by design
                              http://ewontfix.com/14/
