:: Re: [DNG] ..is systemd a factor her…
Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMArnt Karlsen at <-
Simon Walter at ->
Delete this message
Reply to this message
Author: Bruce Perens
Date:  
To: Arnt Karlsen
CC: dng
Subject: Re: [DNG] ..is systemd a factor here? Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk, Full system takeovers on the cards, for those with enough patience to pull it off
They called non-re-entrant-safe functions from an asynchronous signal
handler.

It's not a sure thing to exploit, does indeed take patience due to timing
limitations.

It really makes me think it's worthwhile to write security code in Rust. It
would be hard to goof that way in a language that enforces concurrency-safe
code.

On Mon, Jul 1, 2024 at 9:15 PM Arnt Karlsen <arnt@???> wrote:

> Hi,
>
> ..is systemd a factor here? Nasty regreSSHion bug in OpenSSH puts
> roughly 700K Linux boxes at risk, Full system takeovers on the cards,
> for those with enough patience to pull it off:
> https://www.theregister.com/2024/07/01/regresshion_openssh/?td=rt-3a
>
> --
> ..med vennlig hilsen = with Kind Regards from Arnt Karlsen
> ...with a number of polar bear hunters in his ancestry...
> Scenarios always come in sets of three:
> best case, worst case, and just in case.
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>


--
Bruce Perens K6BP
This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-[DNG] ..is systemd a factor here? Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk, Full system takeovers on the cards, for those with enough patience to pull it off[DNG] CVE-2024-6387->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)