An Exploit In GNOME Shell With Systemd?

  • An Exploit In GNOME Shell With Systemd?

    Phoronix: An Exploit In GNOME Shell With Systemd?

    It looks like there might be a big bug in systemd-using GNOME Shell Linux systems...

  • #2
    In before FUD...

    Reading some of the later comments on the bug there's two prevailing theories for this bug

    1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.

    2) It's actually a manifestation of multiple bugs all related to race conditions

    Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.
    All opinions are my own not those of my employer if you know who they are.


    • #3
      This reminds me of the Linux desktop screen lockers (KDE 2.x?) that were meant to keep other people out, but could be overridden by a logged out user with physical access to the PC and some button mashing. Eventually they fixed those.

      It looks like this requires physical access to the PC to force a hibernate. Not too serious.


      • #4
        Thanks for pointing up the bug, I'd seen a few confused reports of this in various places but hadn't been able to reproduce it with multiple tries from a clean F20 install, and hadn't happened across the bug report yet.


        • #5
          Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.


          • #6
            Originally posted by Ericg
            In before FUD...

            Reading some of the later comments on the bug there's two prevailing theories for this bug

            1) It occurs in a release and partially-updated versions of Fedora 20. If you are fully updated then you may not be affected by this bug because the main cause was reverted.

            2) It's actually a manifestation of multiple bugs all related to race conditions

            Either way it'll all work out in time; bugs get created, bugs get reported, bugs get fixed, the cycle continues.
            It's also overly dramatic to call it an "exploit"... at worst, it's a candidate DoS attack, but one requiring either a root shell on the machine, or a compromised yum repo. In either case, the attacker can do a hell of a lot more damage than just exploiting a bug to force someone to reboot. It also has nothing to do with Gnome, other than it being the default desktop on Fedora - the bug seems to simply be locking out all authentication, affecting things like ssh as well.


            The claim about the bug allowing you to bypass screen locking comes from a single comment late in the bug discussion, and despite the commenter's belief, looks completely unrelated to this bug. Sounds more like a Shell crash... process died while locked, restarted in a clean state.


            • #7
              Originally posted by Marc Driftmeyer
              Wouldn't know seeing as Debian is a cluster frack of GNOME 3.8 not completely stable in Sid and a blown up 3.10 in Experimental, all with but say 6 months away from 3.12 being released.
              I think that's the whole "default init" question again, isn't it? They can't push a newer version of Gnome, because that needs a recent logind, which needs either systemd as PID1, or something like systemd-shim that provides the same interfaces... both of which are blocking on the CTTE making some decisions around how to handle that situation.


              • #8
                As I mentioned on the bug, I think the primary problem is a downstream patch that has since been removed. All my reproduction cases went away after I reverted said patch. I don't know Fedora updates system but I think an update with the patch reverted was issued on Fedora and then pulled. Think it just needs reissued again to solve the vast majority of the problem. +Zbyszek Jedrzejewski-Szmek thinks there is still a race in there, but I'm not convinced (I sent a mail to him showing how the problem could happen with the bad patch (bouncing off bluetooth.service on my machine surprisingly!)).
                -Colin Guthrie


                • #9
                  Race conditions, yay! I wish concurrency was easy


                  • #10
                    I am one of the few people who have experienced this bug and I am not able to reproduce it any more, whatever I do. It does look like a rare race condition and it takes some time to chase it down. This article clearly exaggerates the scale of the problem and AFAIK there is no evidence that it is related to Gnome Shell.
