Serious Systemd Bug Affects Several Linux Distros

Exploring the intricacies of Systemd calls in Linux is above my pay grade, but the way this latest discovery is described does not sound good; it's serious and apparently easy to invoke. What's worse, the bug affects multiple Linux distros, appears to be a rather obvious oversight AND has been floating around for a couple of years. That's more than a little unsettling.
[The command] sends a zero-length message to the world-accessible UNIX domain socket located at /run/systemd/notify. PID 1 receives the message and fails an assertion that the message length is greater than zero. Despite the banality, the bug is serious, as it allows any local user to trivially perform a denial-of-service attack against a critical system component.

The immediate question raised by this bug is what kind of quality assurance process would allow such a simple bug to exist for over two years (it was introduced in systemd 209). Isn't the empty string an obvious test case?
Andrew Ayer
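
The handling the quoted report says was missing, as an added example (not code from systemd or from the original post): a datagram handler that treats a zero-length message as untrusted input to drop rather than a condition to assert on, exercised over a local socketpair. The names handle_notify, roundtrip and notify_result are hypothetical, and the payloads are constructed test input.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names for this example, not systemd's own code. */
enum notify_result { NOTIFY_HANDLED, NOTIFY_IGNORED_EMPTY, NOTIFY_IO_ERROR };

/* Receive one datagram from fd. The sender is untrusted, so an empty
 * datagram is dropped and reported instead of being asserted on. */
static enum notify_result handle_notify(int fd, char *out, size_t outsz)
{
    char buf[4096];
    ssize_t n = recv(fd, buf, sizeof(buf), 0);

    if (n < 0)
        return NOTIFY_IO_ERROR;
    if (n == 0)   /* the case an assert(n > 0) would abort on */
        return NOTIFY_IGNORED_EMPTY;
    size_t m = (size_t)n < outsz - 1 ? (size_t)n : outsz - 1;
    memcpy(out, buf, m);
    out[m] = '\0';
    return NOTIFY_HANDLED;
}

/* Send a constructed payload (possibly zero-length) over a local
 * socketpair and return how the handler classified it. */
static enum notify_result roundtrip(const char *payload, size_t len,
                                    char *out, size_t outsz)
{
    int sv[2];
    enum notify_result r = NOTIFY_IO_ERROR;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return r;
    if (send(sv[0], payload, len, 0) == (ssize_t)len)
        r = handle_notify(sv[1], out, outsz);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    char out[64] = "";
    printf("empty datagram -> %d\n", roundtrip("", 0, out, sizeof out));
    printf("READY=1 -> %d\n", roundtrip("READY=1", 7, out, sizeof out));
    return 0;
}
```

The roundtrip function doubles as the regression test the quote asks about: the empty string is one of its two cases.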

Comments

  1. Anything can sound serious if it is exaggerated clickbait. Here's my response and a link to an informed rebuttal in this stupid holy war: http://www.johndstech.com/2016/linux/system-init/systemd-wars-continues-notify-and-pid-1/
