oss-sec mailing list archives
Re: systemd fails to parse user that should run service
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 5 Jul 2017 22:12:11 -0400
On Sun, Jul 2, 2017 at 5:08 AM, Daniel SkowroĊski <daniel () dsinf net> wrote:
Just wanted to bring attention to issue with systemd not doing what is expected when parsing User that should run service. When it fails to parse string starting with digit it fails back to root causing obvious threat to security. See discussion with developer on github: https://github.com/systemd/systemd/issues/6237
Point 1 from https://github.com/systemd/systemd/issues/6237#issuecomment-312479534 seems to be a problem:
systemd is not the one coming up with the restrictions on user names, and while some distributions are less restrictive, many do enforce the same restrictions as we do. In order to make systemd unit files portable between systems we'll hence enforce something that resembles more the universally accepted set, rather than accept the most liberal set possible.
systemd is effectively setting policy where it has no business doing so. Jeff
Current thread:
- Re: systemd fails to parse user that should run service, (continued)
- Re: systemd fails to parse user that should run service Perry E. Metzger (Jul 05)
- Re: systemd fails to parse user that should run service Robert Scheck (Jul 05)
- Re: systemd fails to parse user that should run service Patrick J. Volkerding (Jul 06)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
- Re: systemd fails to parse user that should run service Leonid Isaev (Jul 06)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
- Re: systemd fails to parse user that should run service Leonid Isaev (Jul 06)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
- Re: systemd fails to parse user that should run service Martin Steigerwald (Jul 06)
- Re: systemd fails to parse user that should run service Martin Steigerwald (Jul 06)