As we all know that Linux is the most secure and reliable operating system currently available in the world of technology, as it has very few flaws and bugs. But, recently a system controller Andrew Ayer stated that now you can crash Linux Systemd just with a single Tweet.
Now You Can Crash Linux Systemd With A Single Tweet
Linux is one of the terms used to refer to the combination of the core or kernel free similar to Unix called Linux with the operating system GNU. Its development is one of the most prominent examples of free software, as all its source code can be used, modified and redistributed freely by anyone under the terms of the GPL and a number of free licenses.
Initially, it was started in 1983 by Richard Stallman, with 11 aims to develop a complete operating system similar to Unix and composed entirely of free software. The history of the Linux kernel is strongly linked to the GNU project. In 1991 Linus Torvalds began work on a non-commercial replacement for MINIX 12 that later became Linux.
However, Linux can be used in both graphical environment and in console mode as well. The console is common in distributions for the servers, while the graphical interface is user-oriented for the both home and business. Basically, we all know that Linux is the most secure and reliable operating system currently available in the world of technology, as it has very few flaws and bugs.
So, what if I say you all that now you can crash any Linux OS with just a single tweet. Yes, it might sound little crazy and may you all think that what crap am I talking. But, hold on, as I am not talking any crap, yes, a security researcher known as “Andrew Ayer” has discovered that a single command line is enough to crash the popular Systemd feature in Linux.
System controller Andrew Ayer stated that “After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system”.
As stated by the bug report, Debian, Ubuntu, and CentOS are amid the distros vulnerable to various levels of resource enervation. The bug, which already existed for more than two years, usually it doesn’t require any type of root access to exploit.
Here is the brief statement of the System controller Andrew Ayer:-
“If a potential hacker runs this command, PID 1 is hung in the pause system call. As a result, you can no longer start and stop daemons while the Linux inetd-style services no longer accept connections. The vulnerability is so critical that you cannot cleanly reboot the system”.
How to crash systemd in one Tweet:
NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""https://t.co/9HNVhEoeYs
— Andrew Ayer (@__agwa) September 28, 2016
“Systemd’s problems run far deeper than this one bug. Systemd is defective by design. Writing bug-free software is extremely difficult. Even good programmers would inevitably introduce bugs into a project of the scale and complexity of systemd. However, good programmers recognize the difficulty of writing bug-free software and understand the importance of designing software in a way that minimizes the likelihood of bugs or at least reduces their impact”.
“It is not too late to stop this. Although almost every Linux distribution now uses systemd for their init system, init was a soft target for systemd because the systems they replaced were so bad”.
“Systemd offers very few compelling features over existing implementations, but does carry a large amount of risk. If you’re a system administrator, resist the replacement of existing services and hold out for replacements that are more secure. If you’re an application developer, do not use systemd’s non-standard interfaces. There will be better alternatives in the future that are more secure than what we have now. But adopting them will only be possible if systemd has not destroyed the modularity and standards-compliance that make innovation possible”.
Click here to read the full bug report.