Because Poettering and his fanboys like it, and nobody's implemented anything sufficiently better to overcome the political sway of the freedesktop.org crowd.
Sorry, but this is not a standard TCP payload. I think the bug is in the library that made the packet, not with systemd. They should fix their library.
"A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it."
When your program doesn't handle a malformed input, and this leads to a buffer overflow, it's your fault. When this program is something as important as systemd, the problem is even worse.
Anything Internet-facing has to accept any kind of packet without crashing, or at least without failing in an exploitable way. That's the bare minimum you-must-be-this-tall entry requirement of security.
I misparsed this as "A bug regarding an OOB write in systemd has been resolved by deployment of a crafted TCP payload" and was hoping for a legendary tale of deeply grey-hat infrastructure hack-patching.
25 comments
[ 5.9 ms ] story [ 88.4 ms ] threadThe patch resolves the resolver. Heh.
If any Rustafarians start such an effort, please make some noise about it.
Re-writing things in a memory safe language takes a lot of time. And that's even if the language is stable and available cross-platform.
When your program doesn't handle a malformed input, and this leads to a buffer overflow, it's your fault. When this program is something as important as systemd, the problem is even worse.
My deepest apologies to HN for the overly-dry sense of humor.
Frankly the more i look at things, the more i find a small group of people at the RH German office to be the source of recent turmoil.