Skip to main content

Linux systems susceptible to crashes from tweet sized command

(Image credit: Image Source: Profit_Image / Shutterstock)

A new vulnerability has been discovered that could shut down most Linux systems using a command short enough to fit in a Tweet.

The Linux administrator and founder of the security certificate company SSLMate, Andrew Ayer discovered the bug which has the potential to kill a number of critical commands while making others unstable just by entering the short command: NOTIFY_SOCKET=/run/systemd/notify systemd-notify””

Ayer described the severity of the bug in an advisory, saying: “All of this can be caused by a command that's short enough to fit in a Tweet. The bug is serious, as it allows any local user to trivially perform a denial-of-service attack against a critical system component.”

The reason he has decided to disclose the bug publicly was to bring further attention to problems with a widely used component in Linux called sytemd that Ayer believes is “defective by design.” However, others believe disclosing such a bug without first contacting systemd's developers was irresponsible. Ayer was critical of systemd for being overly complex and made the argument that Linux developers have “fallen behind other operating systems in writing secure and robust software.” Most major Linux distributions have adopted the software and use it as their default initialisation system which has stirred up controversy with a number of people in the Linux community.

Critics of systemd have taken issue with the fact that distributions often have to add it to their version of the Linux operating system as other popular software depends upon it.
 Ayer took further issue with the way in which systemd compromises security practices, saying: “Systemd is dangerous not only because it is introducing hundreds of thousands of lines of complex C code without any regard to longstanding security practices like privilege separation or fail-safe design, but because it is setting itself up to be irreplaceable.”

As of this time, a patch (opens in new tab) for the issue Ayer discovered has been released on the GitHub code repository that appears to work on some systems through the use of a while true loop. 

Image Source: Profit_Image / Shutterstock

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.