Reply to post: I don't follow...

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

Martyn Welch

I don't follow...

Can you explain to me your rationale for believing that "you can take down the entire OS via the init with a malicious dns response" when systemd-resolved is quite clearly a separate binary from that running as init and has also dropped its privileges and is running as a non-root user?:

# ps | grep init

1 root 7824 S {systemd} /sbin/init ldb

1108 root 2696 S grep init

# readlink -f /sbin/init

/usr/lib/systemd/systemd

# readlink -f /usr/lib/systemd/systemd-resolved

/usr/lib/systemd/systemd-resolved

# ps | grep systemd-resolved

359 systemd- 5816 S /usr/lib/systemd/systemd-resolved

1097 root 2696 S grep systemd-resolved

# cat /etc/passwd | grep systemd-resolve

systemd-resolve:x:231:231:systemd-resolve:/:/bin/nologin

systemd-resolve:x:231:

# cat /etc/group | grep systemd-resolve

systemd-resolve:x:231:

#

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon