According to a recent blog post by Andrew Ayer, any user can crash systemd, the system and service manager in most Linux distros, with a single command:
- NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
On some systems, the command needs to be wrapped in a loop to work:
- while true; do NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""; done
Executing one of these commands should cause general instability in the Linxu distro—if it's running systemd. The issue lies in a world writable socket at /run/systemd/notify. The systemd-notify command sends an empty value to the socket which then passes it to the init process. Systemd reads the empty value and fails an assertion statement, as seen in the code snippet below.
static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
_cleanup_strv_free_ char **tags = NULL;
assert(m);
assert(u);
assert(buf);
assert(n > 0);
...
While Ayer claims that it works on any system using systemd, I was unable to get results on Ubuntu 16.04 with systemd version 229 using either of the commands. I then moved to Kali running systemd version 231 and executed the POC:
My system did in fact become unstable.
It seems that the system only becomes unstable in certain configurations. Unfortunately, at the time of writing, it is unknown why some systems become unstable and others do not. I would love to hear from any of our users running Linux as to whether the command has an effect, what issues it caused or didn't cause, and what version of systemd/distribution you are running.
3 Responses
I saw an article about this earlier today, but I don't understand why it's so special. Is it that any user can do it, not just root? I may be (probably) just missing the point.
Thanks
It's that any user can do it.
Ok, thanks
Share Your Thoughts