tech2 News StaffOct 03, 2016 17:08:01 IST
A system administrator, Andrew Ayer discovered a crippling bug while working with his Linux System. He reported the issue at length in a blogpost pointing out how anyone could crash Systemd by one single tweet. The system will not collapse as soon as the tweet is rendered on screen by the system. Instead, what it meant was that any Linux distribution could be crippled by a command that can fit into one tweet. He even posted a tweet with the command to prove his point.
How to crash systemd in one Tweet:
NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""https://t.co/9HNVhEoeYs
— Andrew Ayer (@__agwa) September 28, 2016
According to the blog post and report by TeckLyfe.com, the bug has existed for more than two years without being noticed by developers and system administrators around the world. The most striking aspect of the bug is that it can cripple the system without any need for root access. On running ' NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" ,' anyone can hang a Linux system using the simple command.
Some Linux systems did not crash using the command. However, addition of 'While true' loop resulted in the systems crashing as reported in the blogpost. According to the post, both these commands hang PID 1 in pause system call, the system does not respond to incoming requests or connections. To simply, your system stops responding and freezes. The worst part of the entire system is that you can't reboot it properly, and even after reboot, the system feels unstable.
Linux distributions like Ubuntu, Debian and CentOS, are affected by this bug. Ubuntu released a security update last week patching this bug, as detailed on the website. Andrew pointed out that Systemd has fundamental problems where developers have unnecessarily made the PID 1 complex. What makes it a cause of concern is the fact that it runs in the root directory.
Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.