On Thursday, 29 September 2016 11:08:00 AM AEST Tim Connors via luv-main wrote: > Stop using it! And that part is easy, just run > > NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" > > in a while 1 loop as an ordinary user. > > https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
(user_t:SystemLow-s0:c0.c100)root@play:~# NOTIFY_SOCKET=/run/systemd/notify systemd-notify "" -bash: systemd-notify: command not found (user_t:SystemLow-s0:c0.c100)root@play:~# ls -l /bin/systemd-notify ls: cannot access /bin/systemd-notify: Permission denied (user_t:SystemLow-s0:c0.c100)root@play:~# The Jessie SE Linux policy doesn't permit this. So my SE Linux Play Machine would be resistant to this attack even if it had a /run/systemd/notify socket. A system configured as a test Play Machine running Debian/Unstable has /run/ systemd/notify but unprivileged users (even as root) are not permitted to access it. So even if a hostile user compiled their own systemd-notify program or copied it in from another system it still wouldn't do any good. The "targeted" policy (the default) would permit this though. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ _______________________________________________ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
