Bug#766938: systemd: network-pre.target doesn't seem to be guaranteed to run before the network is up

Christoph Anton Mitterer calestyo at scientia.net
Mon Oct 27 02:09:56 GMT 2014 

Package: systemd
Version: 215-5+b1
Severity: important
Tags: security


Hi.

Maybe I just miss something, but AFAIU, network-pre.target is not guaranteed
to run before any networking is brougt up (which is the whole point of
network-pre.target).

network.target has an After= on network-pre.target, but network.target itself
isn't what brings the network up, right? Instead ifup at .service does that which
has a Before= on network.target.

Doesn't that mean that there is no guarantee that network-pre.target "runs"
before ifup at .service?

Therefore there is no guarantee that any services that bring up the firewall
are run before and iface is brought up, which in case should make this issue
security relevant. Depending on the other rules of a system there may be a
short or even longer period between an iface being brougt up and firewall rules
loaded by a unit file, that trusts in network-pre.target.


Cheers,
Chris.


-- Package-specific info:

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.utf8, LC_CTYPE=en_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages systemd depends on:
ii  acl             2.2.52-2
ii  adduser         3.113+nmu3
ii  initscripts     2.88dsf-57
ii  libacl1         2.2.52-2
ii  libaudit1       1:2.4-1
ii  libblkid1       2.25.2-2
ii  libc6           2.19-12
ii  libcap2         1:2.24-6
ii  libcap2-bin     1:2.24-6
ii  libcryptsetup4  2:1.6.6-3
ii  libgcrypt20     1.6.2-4
ii  libkmod2        18-3
ii  liblzma5        5.1.1alpha+20120614-2
ii  libpam0g        1.1.8-3.1
ii  libselinux1     2.3-2
ii  libsystemd0     215-5+b1
ii  sysv-rc         2.88dsf-57
ii  udev            215-5+b1
ii  util-linux      2.25.2-2

Versions of packages systemd recommends:
ii  dbus            1.8.8-2
ii  libpam-systemd  215-5+b1

Versions of packages systemd suggests:
ii  systemd-ui  3-2

-- Configuration Files:
/etc/systemd/logind.conf changed [not included]

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list