Serious Systemd Bug Affects Several Linux Distros
Exploring the intricacies of Systemd calls in Linux is above my pay grade, but the way this latest discovery is described does not sound good; it's serious and apparently easy to invoke. What's worse, the bug affects multiple Linux distros, appears to be a rather obvious oversight AND has been floating around for a couple of years. That's more than a little unsettling.
Andrew Ayer:
[The command] sends a zero-length message to the world-accessible UNIX domain socket located at /run/systemd/notify. PID 1 receives the message and fails an assertion that the message length is greater than zero. Despite the banality, the bug is serious, as it allows any local user to trivially perform a denial-of-service attack against a critical system component.
The immediate question raised by this bug is what kind of quality assurance process would allow such a simple bug to exist for over two years (it was introduced in systemd 209). Isn't the empty string an obvious test case?
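As an added example (not systemd's code and not from Ayer's post), here is a small C receiver for sd_notify-style datagrams that treats a zero-length message as the empty-string test case the quote asks about: it classifies and drops it instead of asserting. The 4096-byte cap, the socket path and the function names are assumptions for the demonstration.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#define NOTIFY_MAX 4096   /* assumed size cap for this example, not systemd's */

enum notify_result { NOTIFY_DROPPED_EMPTY = 0, NOTIFY_PARSED = 1, NOTIFY_DROPPED_TOOBIG = 2 };

/* Classify one sd_notify-style datagram ("KEY=VALUE" lines; READY=1 is the one
 * tracked here). Zero length is the input PID 1 asserted on; here it is dropped. */
int handle_notify_message(const char *buf, size_t len, int *ready)
{
    *ready = 0;
    if (len == 0) return NOTIFY_DROPPED_EMPTY;      /* report, do not abort */
    if (len > NOTIFY_MAX) return NOTIFY_DROPPED_TOOBIG;
    const char *p = buf, *end = buf + len;
    while (p < end) {   /* walk lines without assuming NUL termination */
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        size_t n = nl ? (size_t)(nl - p) : (size_t)(end - p);
        if (n == 7 && memcmp(p, "READY=1", 7) == 0)
            *ready = 1;
        p = nl ? nl + 1 : end;   /* unknown keys are ignored */
    }
    return NOTIFY_PARSED;
}

/* Bind a datagram socket at `path` (a constructed test path, not /run/systemd/notify),
 * handle `count` messages, and return how many empty datagrams were dropped. */
int notify_serve(const char *path, int count)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0), dropped = 0, ready;
    if (fd < 0) return -1;
    strncpy(sa.sun_path, path, sizeof(sa.sun_path) - 1);
    unlink(path);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd);
        return -1;
    }
    for (int i = 0; i < count; i++) {
        char buf[NOTIFY_MAX + 1];   /* one byte over the cap exposes oversize datagrams */
        ssize_t len = recv(fd, buf, sizeof(buf), 0);
        if (len < 0) break;
        if (handle_notify_message(buf, (size_t)len, &ready) == NOTIFY_DROPPED_EMPTY)
            dropped++;   /* count and carry on, where the assertion aborted */
    }
    close(fd);
    unlink(path);
    return dropped;
}
```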