Crashing Systemd is just a tweet away

linux security

As reported by systems administrator Andrew Ayer, it is possible to crash the important Systemd function of Linux systems with a short sequence, which fits perfectly in the comment of a tweet.

At the moment, the systems that are affected by the bug are the Debian, Ubuntu and CentOS distributions and its derivatives. A security breach so important that it causes the process to hang and a pause call to the system.

The discovery of a potential error in systemd reveals that various server-oriented Linux distributions can get stuck with a simple command that attacks the system's PID 1 process. This process pauses system calls, making it impossible to start or stop any daemons.

Systemd is an essential part of any system and is related to the boot process of most Linux distributions. The attack command is so simple that barely takes up a tweet, platform that Ayer used to make this ruling public:

How to crash systemd in one Tweet: NOTIFY_SOCKET = / run / systemd / notify systemd-notify

After his execution, process PID 1 blocks system calls, type requests inetd-style stop processing and causes equipment instability (for example, processes ssh o su hang after just 30 seconds), also avoiding that it can be restarted.

Delving a little deeper into the problem, it really is ysstemd who has a design error, a problem that has lasted for more than 2 years in distributions of as much weight as Debian, CentOS or Ubuntu. As if that were not enough, the execution of the sentence does not require administrator privileges at any time of the machine.

The notice is already given and the only thing left is that the companies take action on the matter and solve it as soon as possible.


2 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Luis said

    I still think that systemd was a bad idea. Good thing there is still a bit of coherence in the world of GNU / Linux from Devuan.

  2.   Mikel said

    I am waiting like May water for the stable version of Devuan. I have been about 3 years with Debian 7 without any problem.
    Since I installed Debian 8 with the systemd of yore: it hangs all the time, it overheats that you do not see the processor and the browser closes unexpectedly day after day. It seems to be in windows.