[svlug] (forw) [DNG] Linux system can be brought down by sending SIGILL to Systemd

Rick Moen rick at linuxmafia.com
Sat May 25 01:18:48 PDT 2019


Quoting Michael Eager (eager at eagerm.com):

> What happened with the idea that if you are running as root you can 
> break the system?  

Nothing.  I don't want to seem confrontational about this, Michael, but
it seems like you missed the point, which is:

> If you don't want it broken, don't do stupid shit.

Running /bin/kill as the root user, one should not have to worry about
the system falling over just because the kill command processed to the
PID1 process a request to produce a non-existent signal.  As the
original poster mentioned in passing, /bin/kill operates via the kill(2)
syscall, which is _specifically_ documented as deliberately producing no
effect if the referenced signal doesn't exist.  You may recall that he
quoted from the kill(2) man page:

NOTES
            The only signals that can be sent to process ID 1, the init
            process, are those for which init has explicitly installed
            signal handlers.  This is done to assure the system is not
            brought down accidentally.

Please notice the concluding sentence, there.  What occurs if you fumble
typing and mistakenly ask the systemd init process to issue an 'ILL'
signal (instead of a 'KILL' one) _should never happen_.  Irrespective of
whether you're the UID0 user.

Expecting tools not to blow up contrary to their documentation and take
down the entire system is not 'doing stupid shit'.  You shouldn't have
to fear shrapnel just because you ran 'cd' as root, and it shouldn't
happen just because you ran /bin/kill, either.

Yes, the root privilege is deliberately dangerous.  But it shouldn't 
be accidentally fatal to the system just from carrying out a routine
operation that's documented to _not_ do that.
