Skip to Content [alt-c]

Andrew Ayer

Sections

How to Crash Systemd in One Tweet

Comment by Anonymous

This comment is owned by whoever posted it. I am not responsible for it in any way.

As a security analyst for a Fortune 50 company, you can bet I'll be trying this formally. A rogue employee DoSing a system? That's a big problem for us. We throw a lot of money at Red Hat; a hole like this would set off a lot of panic for our IT teams, and some of that will be aimed at RH. Getting an unprivileged shell prompt isn't all that hard, sadly. Parlaying that into a DoS with a short one-liner is a HUGE issue. Strauss' reply isn't reassuring, it's frightening... and will likely make its way into my gap writeup, so the CISO can consider it. Our business is all about managing risk, and it sounds like Red Hat's systemd team is taking, and exposing us to, unnecessary risk.

| Posted on 2016-10-02 at 17:31:43 UTC by Anonymous | Reply to This

Post a Reply

Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible. Use the "Preview" button to make sure your comment is properly formatted. Name and email address are optional. If you specify an email address it will be kept confidential.

Post Comment


(Optional; will be published)


(Optional; will not be published)


(Optional; will be published)


  • Blank lines separate paragraphs.
  • Lines starting with ">" are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim.
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.