systemd does not have such functionality. You have not read the headlined message correctly. Rather, it has functionality to "touch" files in sensitive places, and a bug that meant that they were made world-writable, world-executable, and set-UID. The headlined message alludes to the various uses of this touch function that expose such files to the world to be exploited in certain circumstances, which (amongst others) are:

* timestamp files for timer units
* device tags files in systemd-udev
* /run/udev/queue
* timestamp files used by timesyncd
* private devices, bind mounts, and mirrored /etc/resolv.conf created by systemd-nspawn
* "linger" flags used by systemd-logind
* temporary files used by "systemctl edit"
* All sorts of flag files: /run/systemd/journal/flushed, /run/systemd/quotacheck, /run/systemd/show-status, /run/systemd/first-boot
* bad luck so a signedness issue doesn't cause a warning
* the use of the worst possible value as the invalid value
* no testing
* no defense in depth: no other component in the system appears to notice a file with such a dangerous mode set