There's something that has been bugging me for a long time now.

I understand and appreciate the concept of DRY. I use it quite extensively when untangling ratty, convoluted code.

But when I see reports like this, and they seem to be coming more regularly these days, maybe there's something slightly wrong with collapsing all of the most critical code in our systems to a single point of failure a couple of bytes wide. If it's not an attacker, it's shitty SSDs, bad PSUs, brownouts, vacuum cleaners or cosmic rays.

I don't know what the solution is. Maybe copy all of the important bits early on. Maybe redundant execution with voting.

Related but an aside, it's almost perverse that the most important code in my day job is often the code we interact with the least. We spend all of our time and energy touching the inconsequential bits and almost none on the parts that matter the most. I had a situation a couple years ago where one of the bits of code I was most proud of writing, I couldn't recreate it by hand. It had been so long since I touched it that I was forgetting how it worked. All around a troubling realization.

It can't be exploited from remote, unless combined with a remote code execution vulnerability. An attack vector could be a "run as docker" application downloaded and run with the idea of sandboxing it. Any other attack scenarios?