Re: [DNG] ..is systemd a factor here? Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk, Full system takeovers on the cards, for those with enough patience to pull it off

Autor: Bruce Perens
Datum:
To: Arnt Karlsen
CC: dng
Betreff: Re: [DNG] ..is systemd a factor here? Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk, Full system takeovers on the cards, for those with enough patience to pull it off

They called non-re-entrant-safe functions from an asynchronous signal
handler.

It's not a sure thing to exploit, does indeed take patience due to timing
limitations.

It really makes me think it's worthwhile to write security code in Rust. It
would be hard to goof that way in a language that enforces concurrency-safe
code.

On Mon, Jul 1, 2024 at 9:15 PM Arnt Karlsen <arnt@???> wrote:

> Hi,
>
> ..is systemd a factor here? Nasty regreSSHion bug in OpenSSH puts
> roughly 700K Linux boxes at risk, Full system takeovers on the cards,
> for those with enough patience to pull it off:
> https://www.theregister.com/2024/07/01/regresshion_openssh/?td=rt-3a
>
> --
> ..med vennlig hilsen = with Kind Regards from Arnt Karlsen
> ...with a number of polar bear hunters in his ancestry...
> Scenarios always come in sets of three:
> best case, worst case, and just in case.
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>

--
Bruce Perens K6BP

Diese Nachricht ist Teil des folgenden Threads:
	Der komplette Thread sortiert nach Datum
	Arnt Karlsen am
	Simon Walter am

Donate to Dyne.org