An Exploit In GNOME Shell With Systemd?
Phoronix: An Exploit In GNOME Shell With Systemd?
It looks like there might be a big bug in systemd-using GNOME Shell Linux systems...
In before FUD...
Reading some of the later comments on the bug there's two prevailing theories for this bug
1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.
2) Its actually a manifestation of multiple bugs all related to race conditions
Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.
This reminds me of the linux desktop screen lockers (KDE 2.x?) that were meant to keep other people out, but could be overriden by a logged out user with physical access to the PC and some button mashing. Eventually they fixed those.
It looks like this requires physical access to the PC to force a hibernate. Not too serious.
thanks for pointing up the bug, I'd seen a few confused reports of this in various places but hadn't been able to reproduce it with multiple tries from a clean F20 install, and hadn't happened across the bug report yet.
Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.
I think that's the whole "default init" question again, isn't it? They can't push a newer version of Gnome, because that needs a recent logind, which needs either systemd as PID1, or something like systemd-shim that provides the same interfaces... both of which are blocking on the CTTE making some decisions around how to handle that situation.
Originally Posted by Marc Driftmeyer
As far as I know KDE never made such mistake. It was gnome 2, but it's hard to find the link to this bug now.
Originally Posted by Sidicas
I remember the bug he was referring to, Phoronix covered it: http://www.phoronix.com/scan.php?pag...tem&px=MTA0NTA It was an X Server bug that affected all Desktop Environments. But that was in the KDE 4 days, not the KDE 2.x days, so maybe he's referring to a different bug?
Originally Posted by Pawlerson
It's also overly dramatic to call it an "exploit"... at worst, it's a candidate DoS attack, but one requiring either a root shell on the machine, or a compomised yum repo. In either case, the attacker can do a hell of a lot more damage that just exploiting a bug to force someone to reboot. It also has nothing to do with Gnome, other than it being the default desktop on Fedora - the bug seems to simply be locking out all authentication, affecting things like ssh as well.
Originally Posted by Ericg
The claim about the bug allowing you to bypass screen locking comes from a single comment late in the bug discussion, and despite the commenters belief, looks completely unrelated to this bug. Sounds more like a Shell crash... process died while locked, restarted in a clean state.
I couldn't have said it better myself. Indeed, the very existence of systemd is nothing but one huge bug.
Originally Posted by Ericg