Despite the open availability of its code, hacking the Linux platform is quite tough for novices. However, a short Systemd command has now emerged online that lets anyone cripple your Linux system.
System administrator Andrew Ayer has discovered the tiny command, which can fit in a single 140-character tweet but affects various Linux distributions, including CentOS and Debian. The command is capable of collapsing the Linux system the moment it appears on the screen, without requiring root access. Interestingly, this bug is not new and has gone unnoticed for more than two years.
How to crash systemd in one Tweet:
NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" https://t.co/9HNVhEoeYs
— Andrew Ayer (@__agwa) September 28, 2016
“The immediate question raised by this bug is what kind of quality assurance process would allow such a simple bug to exist for over two years,” writes Ayer, while describing the Systemd command in a detailed blog post.
It has been found that the single command does not affect all Linux systems in the same manner. While it simply hangs PID 1 in the pause system call in some instances, adding a ‘while true’ loop cripples the system in all other cases.
Canonical recently released a security update that patched Systemd to resist the system-crippling bug in Ubuntu 16.04 LTS. Likewise, CentOS, Debian and other popular Linux distributions are expected to receive similar over-the-air fixes in the near future.
In the meantime, Ayer advised developers to avoid using some non-standard interfaces of Systemd to get a clean, bug-free experience.