Don’t Ever Run This Line Of Code If You Don’t Want To Crash Your Linux System

linux-system-crash

A developer named Andrew Ayer pointed out a bug in Systemd which could be used to cause a denial-of-service last week. He wrote about a single-line command which even a novice Linux user could use to crash Systems on his Linux distort in a post titled “How to crash Systemd in one tweet”.

crash-systemd

“You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system. The system feels generally unstable (e.g. ssh and su hang for 30 seconds since Systemd is now integrated with the login system). All of this can be caused by a command that’s short enough to fit in a Tweet.”

Ubuntu quickly released a fix on the 29th of September, the same day the vulnerability was reported. According to Pantheon co-founder, David Timothy Strauss, in a Medium post, wrote that the “Systemd team has recently patched a local denial of service vulnerability affecting the notification socket”, calling Ayer’s blog post an “opportunity to throw a fresh tantrum about Systemd”.

Strauss considers Ayer’s claims as either wrong or misleading writing that “it’s a tantrum when you use a minor security issue as justification to rant about everything remotely related to Systemd and insist on radical changes (throwing out systemd) to address what are mostly fixable quibbles — at least the quibbles that were based on facts or good judgment in the first place”.

Ayer was quick to write a response to Strauss’ analysis to which Strauss replied in the post: Ayer vs. systemd, Part 4. These guys have been lifting weights on their arguments in the Systemd debate.

The author of the musl library, Rich Felker, told Threatpost that the findings Ayer made throw light on a much bigger picture but his finding is not particularly a serious vulnerability. Saying, “Systemd is not designed to be broken down into small parts that can safely fail and recover from both a security point of view and a robustness standpoint”.

He added that “you’ve got one big monolithic process where if one thing breaks the whole thing goes down. That’s the big design problem Ayer is shedding light on. It’s not a big security flaw, it’s a system development design flaw”.

About The Author
Okoi Martins Jr.
I'm a Computer Scientist with a passion for learning new things in fields ranging from theoretical implications of computer science and mathematical modeling to web development and music. In my spare time, I listen to music, read like a compiler, and learn like an A.I algorithm.

Leave a Response