Thread: An Exploit In GNOME Shell With Systemd?

  1. #1
    Join Date
    Jan 2007
    Posts
    14,816

    An Exploit In GNOME Shell With Systemd?

    Phoronix: An Exploit In GNOME Shell With Systemd?

    It looks like there might be a big bug in systemd-using GNOME Shell Linux systems...

    http://www.phoronix.com/vr.php?view=MTYwMzg

  2. #2
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,892

    In before FUD...

    Reading some of the later comments on the bug, there are two prevailing theories for this bug:

    1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.

    2) It's actually a manifestation of multiple bugs all related to race conditions

    Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.

  3. #3
    Join Date
    Jun 2011
    Posts
    316

    This reminds me of the Linux desktop screen lockers (KDE 2.x?) that were meant to keep other people out, but could be overridden by a logged out user with physical access to the PC and some button mashing. Eventually they fixed those.

    It looks like this requires physical access to the PC to force a hibernate. Not too serious.

  4. #4

    Thanks for pointing up the bug. I'd seen a few confused reports of this in various places but hadn't been able to reproduce it with multiple tries from a clean F20 install, and hadn't happened across the bug report yet.

  5. #5
    Join Date
    Oct 2012
    Location
    Washington State
    Posts
    460

    Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.

  6. #6
    Join Date
    Apr 2010
    Posts
    738

    Originally posted by Marc Driftmeyer:
        Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.

    I think that's the whole "default init" question again, isn't it? They can't push a newer version of Gnome, because that needs a recent logind, which needs either systemd as PID1, or something like systemd-shim that provides the same interfaces... both of which are blocking on the CTTE making some decisions around how to handle that situation.

  7. #7
    Join Date
    Nov 2012
    Posts
    614

    Originally posted by Sidicas:
        This reminds me of the Linux desktop screen lockers (KDE 2.x?) that were meant to keep other people out, but could be overridden by a logged out user with physical access to the PC and some button mashing. Eventually they fixed those.

        It looks like this requires physical access to the PC to force a hibernate. Not too serious.

    As far as I know KDE never made such a mistake. It was GNOME 2, but it's hard to find the link to this bug now.

  8. #8
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,892

    Originally posted by Pawlerson:
        As far as I know KDE never made such a mistake. It was GNOME 2, but it's hard to find the link to this bug now.

    I remember the bug he was referring to, Phoronix covered it: http://www.phoronix.com/scan.php?pag...tem&px=MTA0NTA It was an X Server bug that affected all Desktop Environments. But that was in the KDE 4 days, not the KDE 2.x days, so maybe he's referring to a different bug?

  9. #9
    Join Date
    Apr 2010
    Posts
    738

    Originally posted by Ericg:
        In before FUD...

        Reading some of the later comments on the bug, there are two prevailing theories for this bug:

        1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.

        2) It's actually a manifestation of multiple bugs all related to race conditions

        Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.

    It's also overly dramatic to call it an "exploit"... at worst, it's a candidate DoS attack, but one requiring either a root shell on the machine, or a compromised yum repo. In either case, the attacker can do a hell of a lot more damage than just exploiting a bug to force someone to reboot. It also has nothing to do with GNOME, other than it being the default desktop on Fedora - the bug seems to simply be locking out all authentication, affecting things like ssh as well.

    The claim about the bug allowing you to bypass screen locking comes from a single comment late in the bug discussion, and despite the commenter's belief, looks completely unrelated to this bug. Sounds more like a Shell crash... process died while locked, restarted in a clean state.

  10. #10
    Join Date
    Mar 2013
    Posts
    250

    Originally posted by Ericg:
        bugs get created

    I couldn't have said it better myself. Indeed, the very existence of systemd is nothing but one huge bug.
