Thread: An Exploit In GNOME Shell With Systemd?

  1. #1
    Join Date
    Jan 2007
    Posts
    13,411

    An Exploit In GNOME Shell With Systemd?

    Phoronix: An Exploit In GNOME Shell With Systemd?

    It looks like there might be a big bug in systemd-using GNOME Shell Linux systems...

    http://www.phoronix.com/vr.php?view=MTYwMzg

  2. #2
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,746

    In before FUD...

    Reading some of the later comments on the bug, there are two prevailing theories for this bug:

    1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.

    2) It's actually a manifestation of multiple bugs all related to race conditions

    Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.

  3. #3
    Join Date
    Jun 2011
    Posts
    315

    This reminds me of the Linux desktop screen lockers (KDE 2.x?) that were meant to keep other people out, but could be overridden by a logged out user with physical access to the PC and some button mashing. Eventually they fixed those.

    It looks like this requires physical access to the PC to force a hibernate. Not too serious.

  4. #4

    Thanks for pointing up the bug. I'd seen a few confused reports of this in various places but hadn't been able to reproduce it with multiple tries from a clean F20 install, and hadn't happened across the bug report yet.

  5. #5
    Join Date
    Oct 2012
    Location
    Washington State
    Posts
    361

    Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.

  6. #6
    Join Date
    Apr 2010
    Posts
    669

    Originally posted by Ericg:
    In before FUD...

    Reading some of the later comments on the bug, there are two prevailing theories for this bug:

    1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.

    2) It's actually a manifestation of multiple bugs all related to race conditions

    Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.

    It's also overly dramatic to call it an "exploit"... at worst, it's a candidate DoS attack, but one requiring either a root shell on the machine, or a compromised yum repo. In either case, the attacker can do a hell of a lot more damage than just exploiting a bug to force someone to reboot. It also has nothing to do with Gnome, other than it being the default desktop on Fedora - the bug seems to simply be locking out all authentication, affecting things like ssh as well.

    The claim about the bug allowing you to bypass screen locking comes from a single comment late in the bug discussion, and despite the commenter's belief, looks completely unrelated to this bug. Sounds more like a Shell crash... process died while locked, restarted in a clean state.

  7. #7
    Join Date
    Apr 2010
    Posts
    669

    Originally posted by Marc Driftmeyer:
    Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.

    I think that's the whole "default init" question again, isn't it? They can't push a newer version of Gnome, because that needs a recent logind, which needs either systemd as PID1, or something like systemd-shim that provides the same interfaces... both of which are blocking on the CTTE making some decisions around how to handle that situation.

  8. #8
    Join Date
    Jul 2010
    Posts
    579

    As I mentioned on the bug, I think the primary problem is a downstream patch that has since been removed. All my reproduction cases went away after I reverted said patch. I don't know the Fedora updates system but I think an update with the patch reverted was issued on Fedora and then pulled. Think it just needs reissued again to solve the vast majority of the problem. +Zbyszek Jedrzejewski-Szmek thinks there is still a race in there, but I'm not convinced (I sent a mail to him showing how the problem could happen with the bad patch (bouncing off bluetooth.service on my machine surprisingly!)).
    -Colin Guthrie

  9. #9
    Join Date
    Jul 2013
    Posts
    70

    Race conditions, yay! I wish concurrency was easy

  10. #10
    Join Date
    Jul 2011
    Location
    Far far away ...
    Posts
    6

    I am one of the few people who has experienced this bug and I am not able to reproduce it any more, whatever I do. It does look like a rare race condition and it takes some time to chase it down. This article clearly exaggerates the scale of the problem and AFAIK there is no evidence that it is related to Gnome Shell.
