Bug#955330: iproute2: corrupted output of "altname"
maz at kernel.org
Mon Apr 20 15:49:21 BST 2020

On 2020-04-20 12:39, Luca Boccassi wrote:
> On Mon, 2020-04-20 at 09:29 +0100, Marc Zyngier wrote:
>> Hi all,
>> I just managed to track this down to systemd-udev.
> You are indeed right, thanks for the analysis.
> Upstream bug: https://github.com/systemd/systemd/issues/15232
> Upstream fix: https://github.com/systemd/systemd/pull/15300
> Introduced by:

Ah, nice one. You'd hope the compiler would scream at that.

> I'll leave it to the systemd maintainers to decide whether to backport
> a fix or wait for a new release.

Given that this leaks data from a process running as root, and makes
it visible to unprivileged users, I would say that patching it seems
to be the sensible course of action.

But this depends on how bullseye is supported security-wise. Maybe it
doesn't matter as long as nobody puts it in production... ;-)

Jazz is not dead. It just smells funny...