#nixos-security on 2020-12-18

2020-11-04 15:50 andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)

00:28 supersandro2000 has quit [Disconnected by services]

00:28 supersandro2000 has joined #nixos-security

01:03 {^_^} has joined #nixos-security

01:07 star_cloud has quit [Ping timeout: 268 seconds]

01:08 justanotheruser has quit [Ping timeout: 268 seconds]

01:19 star_cloud has joined #nixos-security

01:21 rajivr has joined #nixos-security

01:26 star_cloud has quit [Ping timeout: 240 seconds]

01:28 star_cloud has joined #nixos-security

01:38 star_cloud has quit [Excess Flood]

01:39 star_cloud has joined #nixos-security

02:10 gchristensen has joined #nixos-security

03:08 glowpelt has quit [Max SendQ exceeded]

03:09 glowpelt has joined #nixos-security

05:15 justanotheruser has joined #nixos-security

06:24 cole-h has quit [Ping timeout: 264 seconds]

07:27 anselmolsm has quit [Remote host closed the connection]

07:29 anselmolsm has joined #nixos-security

08:54 anselmolsm has quit [Remote host closed the connection]

08:58 anselmolsm has joined #nixos-security

09:41 anselmolsm_ has joined #nixos-security

09:41 anselmolsm has quit [Ping timeout: 268 seconds]

09:45 anselmolsm_ has quit [Remote host closed the connection]

09:47 anselmolsm_ has joined #nixos-security

12:02 star_cloud has quit [Ping timeout: 260 seconds]

13:40 star_cloud has joined #nixos-security

15:56 red[evilred] has joined #nixos-security

15:56 <red[evilred]> huh

15:56 <red[evilred]> something just caused systemd to SEGV

15:58 <red[evilred]> https://gist.github.com/redvers/a49eb025ea15074894b2f2fd58653701

15:58 <red[evilred]> that's new

15:59 <red[evilred]> nice - now I can't reboot:

16:04 <red[evilred]> Okay - so this is interesting...

16:04 * red[evilred] uploaded an image: image.png (68KiB) < https://evil.red:8448/_matrix/media/r0/download/evil.red/pwETXbPLbszotwdSlDazmKPu/image.png >

16:05 <red[evilred]> someone connected on my high ssh port

16:05 <red[evilred]> and apparently caused systemd to crash

16:09 __red__ has quit [Ping timeout: 256 seconds]

16:09 red[evilred] has quit [Ping timeout: 264 seconds]

16:10 bridge[evilred] has quit [Ping timeout: 264 seconds]

16:14 bridge[evilred] has joined #nixos-security

16:15 __red__ has joined #nixos-security

16:16 <__red__> so - I don't know for sure if my matrix server passed this on or not

16:16 <__red__> but apparently - someone connected to my sshd server and caused systemd to SEGV

16:17 <tilpner> Yes, up until "and apparently caused systemd to crash"

16:17 <__red__> Okay -

16:17 <__red__> it was my matrix node, so I didn't know if it made it or if anyone replied

16:17 <__red__> thank you

16:18 <__red__> Gonna assume neutrino unless I see it again

16:18 anselmolsm has joined #nixos-security

16:18 anselmolsm_ has quit [Ping timeout: 240 seconds]

16:18 <__red__> but it's a first for me for sure

16:18 <tilpner> Yeah, it looks very odd. So no ECC then?

16:19 red[evilred] has joined #nixos-security

16:19 <red[evilred]> it's a digital ocean VM

16:19 <red[evilred]> so I would have hoped so

16:19 <red[evilred]> the timing is what worries me

16:19 <tilpner> https://www.digitalocean.com/community/questions/what-sort-of-redundancy-power-disk-memory-etc-is-built-into-the-host-server?answer=44683

16:29 <tilpner> red[evilred]: Apparently that's a user-mode pagefault, so a bitflip in a pointer might do it. But DO says they use ECC. Unless you have that coredump, maybe run online memcheck?

16:31 <red[evilred]> where would systemd put its core files? / ?

16:33 <tilpner> I'm not sure what the errors mean, the whole "dumping: No such process" thing is confusing me

16:34 <tilpner> ls -t /var/lib/systemd/coredumps

16:34 <red[evilred]> yup - got one

16:35 <tilpner> Or find / -name \*32640\*

16:35 <red[evilred]> core.systemd.0.832d7e879c8d4a5d9ca6a8e0221a8da4.32640.1608218689000000.lz4: LZ4 compressed data (v1.4+)

16:35 <red[evilred]> so, uncompress it

16:36 <tilpner> Now there's the only the hard part left, making sense of it \o/

16:36 <red[evilred]> gdb /path/to/systemd /path/to/coredump

16:36 <red[evilred]> and backtrace?

16:36 <red[evilred]> (it's been a while)

16:37 <red[evilred]> well, looks like I have my morning project :-)

16:37 <tilpner> Yeah, something like that

16:40 <red[evilred]> umm

16:40 <red[evilred]> I think that core file is a trap:

16:40 <red[evilred]> core.systemd.0.832d7e879c8d4a5d9ca6a8e0221a8da4.32640.1608218689000000.lz4

16:40 <red[evilred]> Dictionary size: 1026 MB (2^30 bytes)

16:40 <red[evilred]> Uncompressed size: 8762807027734 MB (9188469141913302864 bytes)

16:41 <red[evilred]> need a bigger disk

16:41 <red[evilred]> 8.7PB core file if my math is correct

16:41 <tilpner> Does coredumpctl debug do anything else?

16:42 <red[evilred]> oh - never heard of that

16:42 <red[evilred]> ah - that worked

16:43 * red[evilred] uploaded an image: image.png (183KiB) < https://evil.red:8448/_matrix/media/r0/download/evil.red/JWIJGAdIdEmeVGOxoqJQBKjY/image.png >

16:44 <red[evilred]> yeah - don't know I can do anything with that

16:44 <tilpner> thread apply all bt

16:44 <tilpner> (in case it has multiple threads. I've never tried that with coredumps)

16:45 * red[evilred] uploaded an image: image.png (71KiB) < https://evil.red:8448/_matrix/media/r0/download/evil.red/ZhHDSDphebNFUgCJitkunbAI/image.png >

16:46 cole-h has joined #nixos-security

17:53 rajivr has quit [Quit: Connection closed for inactivity]

19:21 star_cloud has quit [Ping timeout: 268 seconds]

19:27 star_cloud has joined #nixos-security

19:46 red[evilred] has quit [Quit: Idle timeout reached: 10800s]

20:15 cole-h has quit [Quit: Goodbye]

21:10 star_cloud has quit [Ping timeout: 240 seconds]

23:18 star_cloud has joined #nixos-security