Fanbois huh? vi or emacs? I'm going to be critical here - it is rare that you have personal choice over the tools your system uses. Do the job in front of you. If that means you support windows ME as a security portal(!), that's what you do... at least until you find a better job. On Thu, Sep 29, 2016 at 12:21 PM, Russell Coker via luv-main < luv-main@luv.asn.au> wrote:
On Thursday, 29 September 2016 11:08:00 AM AEST Tim Connors via luv-main wrote:
Stop using it! And that part is easy, just run
NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""
in a while 1 loop as an ordinary user.
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
(user_t:SystemLow-s0:c0.c100)root@play:~# NOTIFY_SOCKET=/run/systemd/ notify systemd-notify "" -bash: systemd-notify: command not found (user_t:SystemLow-s0:c0.c100)root@play:~# ls -l /bin/systemd-notify ls: cannot access /bin/systemd-notify: Permission denied (user_t:SystemLow-s0:c0.c100)root@play:~#
The Jessie SE Linux policy doesn't permit this. So my SE Linux Play Machine would be resistant to this attack even if it had a /run/systemd/notify socket.
A system configured as a test Play Machine running Debian/Unstable has /run/ systemd/notify but unprivileged users (even as root) are not permitted to access it. So even if a hostile user compiled their own systemd-notify program or copied it in from another system it still wouldn't do any good.
The "targeted" policy (the default) would permit this though.
-- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/
_______________________________________________ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
-- Dr Paul van den Bergen