touch-packages team mailing list archive

Thread
Date

[Bug 1514141] Re: unprivileged user can freeze journald

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Guillaume Knispel <xilun0@xxxxxxxxx>
Date: Tue, 10 Nov 2015 02:15:42 -0000
Reply-to: Bug 1514141 <1514141@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

OpenSUSE 42.1 bug: https://bugzilla.opensuse.org/show_bug.cgi?id=954374
upstream  bug: https://github.com/systemd/systemd/issues/1822

** Bug watch added: bugzilla.opensuse.org/ #954374
   http://bugzilla.opensuse.org/show_bug.cgi?id=954374

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1514141

Title:
  unprivileged user can freeze journald

Status in systemd package in Ubuntu:
  New

Bug description:
  On default installs of Ubuntu 15.10, both server and desktop, an
  unprivileged user can freeze journald using the attached program.
  (Journald is then eventually killed and restarted by systemd after a 1
  min timeout is detected - but nothing prevent the unprivileged user to
  DOS in a loop if he feels so inclined.)

  The reason is that journald uses inappropriate rules to decide if a
  file descriptor sent by a user is safe to read.

  [ IMO that such a "feature" (passing messages to log to journald by fd
  to regular files) exists at all should be questioned anyway, given the
  kind of impacts it can have on various aspects of the whole system
  (e.g.: the fd is completely read in a malloc'ed area, up to 750 MB) ]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1514141/+subscriptions

References

[Bug 1514141] [NEW] unprivileged user can freeze journald
From: Guillaume Knispel, 2015-11-08