Hi! Ran into https://www.exploit-db.com/exploits/43935/ today...
Upstream patch: https://github.com/poettering/systemd/commit/c0ad68f8fdf10b486d99d55942215bce38665564
Upstream report: https://github.com/systemd/systemd/issues/7736
No unaffected version in Gentoo repo yet, hence bug summary change.
@maintainers, Upstream 237 version contains fix as noted by Sebastian.
(In reply to Aaron Bauman from comment #1)
> @maintainers, Upstream 237 version contains fix as noted by Sebastian.

Seems like there was cherry-picking involved. This is the commit included with v237: https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada
I believe this issue does not affect systemd in its default configuration on Gentoo. I am therefore in no hurry to backport the fix or to stabilize a newer version.
There were some other tmpfiles changes in the PR that could complicate a cherry-pick, but a backport is overkill regardless. You have to go out of your way to disable a sysctl whose sole purpose is to protect you from things like this. A more important fix is targeted for v238; this one just happened to land right as v237 was cut.
(In reply to Mike Gilbert from comment #3)
> I believe this issue does not affect systemd in its default configuration on Gentoo. I am therefore in no hurry to backport the fix or to stabilize a newer version.

Agreed. This is simply hardening for our systemd users who may decide to disable protected hardlinks.
Mitigated by fs.protected_hardlinks wrt bug #540006.
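The thread's position is that the issue is mitigated as long as fs.protected_hardlinks stays enabled. The following is an added example, not code from the Gentoo bug, from systemd or from any commenter: a small POSIX sh audit that checks the live sysctl value and scans sysctl config files for a persisted assignment that would turn it off on reboot. It assumes Linux with /proc/sys mounted; file paths are parameters so the functions can be exercised against constructed files, and the caller is responsible for passing config files in the order sysctl applies them.

```shell
#!/bin/sh
# Added example (not from the bug thread or systemd): audit whether the
# fs.protected_hardlinks mitigation is active now (live) and will survive a
# reboot (persisted in sysctl config). Assumes Linux with /proc/sys mounted.

# Print the live sysctl value ("missing" if the file is unreadable).
live_protected_hardlinks() {
    f="${1:-/proc/sys/fs/protected_hardlinks}"
    [ -r "$f" ] || { echo "missing"; return 0; }
    tr -d '[:space:]' < "$f"
}

# Print the last fs.protected_hardlinks assignment found across the given
# config files, in argument order (last assignment wins), or "unset".
# A leading "-" (sysctl.d "ignore errors" prefix) is tolerated.
persisted_protected_hardlinks() {
    val="unset"
    for f in "$@"; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*-\{0,1\}fs\.protected_hardlinks[[:space:]]*=[[:space:]]*\([0-9]\).*/\1/p' "$f" | tail -n 1)
        [ -n "$v" ] && val="$v"
    done
    echo "$val"
}

# Return 0 when the mitigation is on and no persisted setting turns it off;
# return 1 (with a warning on stderr) otherwise.
audit_protected_hardlinks() {
    live=$(live_protected_hardlinks "$1"); shift
    persisted=$(persisted_protected_hardlinks "$@")
    if [ "$live" = "1" ] && [ "$persisted" != "0" ]; then
        echo "ok: fs.protected_hardlinks live=$live persisted=$persisted"
        return 0
    fi
    echo "WARN: fs.protected_hardlinks live=$live persisted=$persisted; tmpfiles hardlink issue not mitigated" >&2
    return 1
}

# Real audit on this host, opt-in so that sourcing the file has no side effects:
#   AUDIT_NOW=1 sh ./audit.sh
if [ "${AUDIT_NOW:-0}" = "1" ]; then
    audit_protected_hardlinks "" /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf
fi
```

The glob order passed in the opt-in call is a simplification; systemd-sysctl's actual precedence rules (same-named files in /etc overriding /usr/lib, lexical sorting across directories) are more involved, so consult systemd-sysctl(8) before relying on it for anything beyond a quick check.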