Hacker News new | past | comments | ask | show | jobs | submit login

As far as I understand, you need to be root (or another privileged user) who has write access to /etc/init. Conclusion: You can bring down a machine with superuser privileges. Breaking.



Except:

1. Apparently it watches all of /etc, not just /etc/init,

2. Which means that writing large-enough config changes in some part of /etc you thought was completely unrelated to init can unexpectedly take down your box.

That's not good, and not something that can be dismissed as "of course superusers can turn the box off".


Boy oh boy the responses to this are frustrating. (And we wonder why everything is broken and shitty.)


Yeah, this reminds me of a similar article from the same source (IIRC) about "issues" with disabling the oom-killer and replacing it with your own. Interesting, probably something that needs to be addressed, but not necessarily a game changer as the article would have you believe.

What really caught my eye is that this affected a newer init system, specifically because it was more dynamic (using inotify), which has been a goal of many init replacements. I'm curious if this affects other init systems, specifically old init or systemd. Or if you could find similar attacks against other init systems.


You can set this up as an unprivileged user in any directory you have access to. Just use inotifywait to configure your own inotify triggers first.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: