If the hypervisor or any of its components are exposed to the Internet
Lemme stop you right there, wtf are you doing exposing that to the internet...
(This is directed at the article writer, not OP)
CameronDev
joined 1 year ago
Doesn't even startup on my box, but doesn't crash the kernel or system either, just regular application crash
Kernel shouldn't crash, and anything running in memory will be okayish, but it definitely will get less and less stable. It won't be possible to start new processes.
I have a Linux install on a USB SSD with a flakey connection, if I bumped the cord the root would unmount. It was fairly resilient, but graphics would slowly start disappearing. I'm fairly sure I could cleanly reboot as long as I had a terminal open, but its been a while, so maybe I'm misremembering.
Still, the overall system becomes pretty useless, so i guess its fair to call it a crash
There are rust libraries to send signals, might be better to use those rather than calling bash. eg. https://docs.rs/nix/latest/nix/sys/signal/index.html
I'm guessing if input was "", then it would sigkill all processes? Less confident, but some functions behave slightly differently in an interactive console vs a non interactive, maybe ps has a different format when used non interactively?
Aside, you want three backticks and a newline to get code formatting :)
Ah, that definitely would feel like a crash. Sent kill signal to cgroup accidentally? Or just iterate over all processes and signal them all?
OPs example was task management, which doesn't require kernel modules.
Doesn't explain OPs task management example. And won't crash the kernel, just make things unresponsive
That won't crash your kernel, and I was more curious about the OPs example. Task management is basically reading some files, and sending signals, it should be near impossible to crash the system.
How are you crashing your system?! Crashing program sure, but the entire system?
The malware argument is a bit weak, if your router is vulnerable to something it'll likely be found and pwnd in a matter of minutes, so turning it off a night won't really save you. And once a patch is released, it'll be reverse engineered in a few hours/days, so ideally you want patches as soon as they are released.
Using your own device is usually a good idea anyway, telco stuff is usually pretty mediocre. And as soon as your device is slightly custom, it becomes a less valuable target.
Sure, but the author makes it sounds like thats its their standard way of doing things, which is insane.
And if you do have a misconfiguration, the rational thing is to fix that, not dump the entire platform.