DigiNews

Tech Watch by Johan Denoyer


GNU IFUNC is the real culprit behind CVE-2024-3094

Quality: 7/10 Relevance: 9/10

Summary

The article argues that GNU IFUNC played a central role in CVE-2024-3094 and highlights supply-chain risks arising from how Linux distributions patch OpenSSH via systemd. It explains how IFUNC can execute code during dynamic linking, undermining security guarantees such as RELRO, and advocates disabling IFUNC by default while exploring safer alternatives. The piece uses diagrams and references to support its case and calls for broader discussion of these risks.
