Originally posted by JS987
View Post
The important thing is, first, determining the the level of exploits are made accessible by attacking pid 1. Then, the second step is, what is the total attack surface of the system that may result in this level of exploit. That's the surfaces you have to compare, not just a single component. You cannot compare a single link of a whole chain when determining the chain's strength.
If your exploit is crashing the system, or getting root access, or evading a container, the surfaces involved are muuuch bigger than 10 or 300kb anyway, and it's not even quite clear that they are bigger with systemd.
Leave a comment: