Monday, October 3, 2016

Why security stinks, part 4,927,831

Linux has a reputation for strong security (which is why I run it on the Castle Borepatch supercomputers).  But even Linux isn't free from boneheaded security problems:
"After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system." According to the bug report, Debian, Ubuntu, and CentOS are among the distros susceptible to various levels of resource exhaustion. The bug, which has existed for more than two years, does not require root access to exploit.
The discussion thread gives a really good overview of why computer security stinks.  Essentially, a simple and secure but basic boot routine got replaced by a feature-rich but complicated one.  Unsurprisingly, the complicated replacement has a grotesque security problem.

Complexity is the enemy of security, and developers are racing to add complexity.  You can estimate where that will lead us ...

UPDATE 3 October 2016 11:24:  It's actually even worse than I had thought.  systemd implements the DNS protocol, but never implemented the DNS recommended best security practices.  Idiots.  This sums it up for me, too:
And folks wonder why I hate SystemD with a passion… Designed wrong, implemented badly, doing things it ought not do, in ways that are broken. And that’s just at first glance… now we know that anyone can hang your system in a non-recoverable state and the DNS can be poisoned. Oh Joy. /sarc;
Complexity is not Security's friend.


Knitebane said...

Most of us in userland didn't want systemd to begin with.

The primary reason that the major distros went ahead with it appears to be, "Because shut up.."

The PID1 problem has been known for years. We told them so.

Borepatch said...

We like fast, stable, and secure. But it looks like a lot of programmers don't think that this is the path to Eternal Fame.

cryptical said...

It sounds to me like fuzzing everything that systemd touches will be a money-making strategy for the zero-day vendors for the foreseeable future.

knirirr said...

Once again I am pleased to recall that I don't run systemd on my servers (Gentoo, but this is academia so I can get away with it).