On 10.09.2016 at 00:20, Brian Kroth wrote:
> Michael Biebl <bi...@debian.org> 2016-09-09 23:33:
>> On 09.09.2016 at 22:47, Brian Kroth wrote:
>>> Package: systemd
>>> Version: 230-7~bpo8+2
>>> Severity: normal
>>> Tags: security
>>>
>>> Dear Maintainer,
>>>
>>> systemd appears to start systemd-resolved, even when it's been masked,
>>> in the background even when an unprivileged user calls systemd-resolve.
>>>
>>> However, calls to start the service manually via systemctl are rejected
>>> (correctly).
>>>
>>> This seems like an error and a potential security issue.
>>>
>>> Details on my test and setup are as follows. Let me know if you have
>>> any questions or need any other information.
>>
>> I assume you have libnss-resolve installed and enabled (in
>> /etc/nsswitch)?
>
Oh, I guess I have an idea what's happening.
systemd-resolve triggers the start via D-Bus activation.

/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service has
SystemdService=dbus-org.freedesktop.resolve1.service

dbus-org.freedesktop.resolve1.service is a symlink to
systemd-resolved.service

So, you'll also need to mask that name, i.e.
dbus-org.freedesktop.resolve1.service

If you do that, can you still trigger the start via systemd-resolve?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
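A read-only check for the situation discussed in this thread, as an added example (not code from the thread or from systemd): it lists the `SystemdService=` names in D-Bus system service files that still resolve to a given unit and are not themselves masked. The `ROOT` argument, the function names and the sample tree are assumptions made for the example, and the unit search order is simplified to three directories.

```shell
#!/bin/sh
# Added example: find D-Bus activation aliases that can still start a unit
# after the unit itself has been masked. Nothing is modified on the host.

# unmasked_dbus_aliases ROOT UNIT
# ROOT is a filesystem prefix ("" for the live system, or a test tree).
# Prints each SystemdService= name that resolves to UNIT and is not masked.
unmasked_dbus_aliases() {
    root=$1
    unit=$2
    for svc in "$root"/usr/share/dbus-1/system-services/*.service; do
        [ -f "$svc" ] || continue
        name=$(sed -n 's/^SystemdService=//p' "$svc" | head -n 1)
        [ -n "$name" ] || continue
        # First hit wins, mirroring /etc taking precedence over /lib.
        for dir in etc/systemd/system lib/systemd/system usr/lib/systemd/system; do
            link=$root/$dir/$name
            [ -L "$link" ] || [ -e "$link" ] || continue
            target=$(readlink "$link" 2>/dev/null) || target=
            case $target in
                /dev/null) ;;                        # alias is masked
                */"$unit"|"$unit") echo "$name" ;;   # alias still reaches UNIT
            esac
            break
        done
    done
}

# Constructed sample tree (not copied from a real host): the main unit is
# masked, but the alias symlink used for bus activation is still in place.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/share/dbus-1/system-services" "$t/etc/systemd/system"
    printf '%s\n' '[D-BUS Service]' 'Name=org.freedesktop.resolve1' \
        'SystemdService=dbus-org.freedesktop.resolve1.service' \
        > "$t/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service"
    ln -s /dev/null "$t/etc/systemd/system/systemd-resolved.service"
    ln -s /lib/systemd/system/systemd-resolved.service \
        "$t/etc/systemd/system/dbus-org.freedesktop.resolve1.service"
    echo "$t"
}

demo=$(make_demo_tree)
unmasked_dbus_aliases "$demo" systemd-resolved.service
rm -rf "$demo"
```

An empty result for a masked unit means no bus-activation alias for it was found unmasked in the directories searched.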