On 2020-04-20 12:39, Luca Boccassi wrote:
On Mon, 2020-04-20 at 09:29 +0100, Marc Zyngier wrote:
Hi all,
I just managed to track this down to systemd-udev.
[...]
You are indeed right, thanks for the analysis.
Upstream bug: https://github.com/systemd/systemd/issues/15232
Upstream fix: https://github.com/systemd/systemd/pull/15300
Introduced by:
https://github.com/systemd/systemd/commit/ef1d2c07f9567dfea8a4e012d8779a4ded2d9ae6
Ah, nice one. You'd hope the compiler would scream at that.
I'll leave it to the systemd maintainers to decide whether to backport
a fix or wait for a new release.
Given that this leaks data from a process running as root, and makes
it visible to unprivileged users, I would say that patching it seems
to be the sensible course of action.
But this depends on how bullseye is supported security-wise. Maybe it
doesn't matter as long as nobody puts it in production... ;-)
Thanks,
M.
--
Jazz is not dead. It just smells funny...
