DaemonForums  

1st July 2017
Maxnix
Linux's Systemd can be pwned via an evil DNS query

This is the systemd DNS service that Poettering & co. recommended to use...
https://www.theregister.co.uk/2017/0..._by_dns_query/

Some other considerations about resolved from Andrew Ayer's blog:
Quote:
DNS is a complicated, security-sensitive protocol. In August 2014, Lennart Poettering declared that "systemd-resolved is now a pretty complete caching DNS and LLMNR stub resolver." In reality, systemd-resolved failed to implement any of the documented best practices to protect against DNS cache poisoning. It was vulnerable to Dan Kaminsky's cache poisoning attack which was fixed in every other DNS server during a massive coordinated response in 2008 (and which had been fixed in djbdns in 1999). Although systemd doesn't force you to use systemd-resolved, it exposes a non-standard interface over DBUS which they encourage applications to use instead of the standard DNS protocol over port 53. If applications follow this recommendation, it will become impossible to replace systemd-resolved with a more secure DNS resolver, unless that DNS resolver opts to emulate systemd's non-standard DBUS API.
__________________
The world doesn't live off jam and fancy perfumes - it lives off bread and meat and potatoes. Nothing changes. All the big fancy stuff is sloppy stuff that crashes. I don't need dancing baloney - I need stuff that works. -- Theo de Raadt
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick