Bug#837183: systemd: unprivileged call to systemd-resolve starts systemd-resolved even when masked
Brian Kroth
bpkroth at gmail.com
Fri Sep 9 23:20:33 BST 2016
Michael Biebl <biebl at debian.org> 2016-09-09 23:33:
>On 09.09.2016 at 22:47, Brian Kroth wrote:
>> Package: systemd
>> Version: 230-7~bpo8+2
>> Severity: normal
>> Tags: security
>>
>> Dear Maintainer,
>>
>> systemd appears to start systemd-resolved, even when it's been masked,
>> in the background even when an unprivileged user calls systemd-resolve.
>>
>> However, calls to start the service manually via systemctl are rejected
>> (correctly).
>>
>> This seems like an error and a potential security issue.
>>
>> Details on my test and setup are as follows. Let me know if you have
>> any questions or need any other information.
>
>I assume you have libnss-resolve installed and enabled (in /etc/nsswitch)?
No:
# grep '^[^#]' /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: files