Following reports of a local privilege escalation exploit in early December, the Fedora developers are looking at ways to use systemd's security features to mitigate attacks against the distribution's software. The idea is to use systemd to limit the damage a misbehaving (or hijacked) program can do. LWN reports: "The AF_PACKET local privilege escalation (also known as CVE-2016-8655) has been fixed by most distributions at this point; stable kernels addressing the problem were released on December 10. But, as a discussion on the fedora-devel mailing list shows, systemd now provides options that could help mitigate CVE-2016-8655 and, more importantly, other vulnerabilities that remain undiscovered or have yet to be introduced. The genesis for the discussion was a blog post from Lennart Poettering about the RestrictAddressFamilies directive, but recent systemd versions have other sandboxing features that could be used to head off the next vulnerability. Fedora project leader Matthew Miller noted the blog post and wondered if the RestrictAddressFamilies directive could be more widely applied in Fedora. That directive allows administrators to restrict access to the network address families a service can use." The work Fedora is planning to do to secure services will likely be transferable to other Linux distributions that also run systemd.
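
As an added illustration (not taken from the blog post, LWN or Fedora), here is a drop-in that applies RestrictAddressFamilies to a single service. The unit name example.service, the file path and the choice of allowed families are assumptions.

```ini
# /etc/systemd/system/example.service.d/10-restrict-af.conf
# Hypothetical drop-in for a hypothetical unit, example.service.

[Service]
# Option A, deny-list: the "~" prefix inverts the list, so every address
# family stays available except AF_PACKET, the family affected by
# CVE-2016-8655.
RestrictAddressFamilies=~AF_PACKET

# Option B, allow-list (use instead of A, not together with it): only the
# listed families can be requested. AF_PACKET and any family added to the
# kernel later are refused by default, which is what helps against
# vulnerabilities that have not been found yet.
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

# Caveat: the restriction is enforced on socket() calls made by the
# service's own processes. Sockets handed to the service by other means,
# such as socket activation, are not affected.
#
# Apply and confirm the setting took effect:
#   systemctl daemon-reload
#   systemctl restart example.service
#   systemctl show -p RestrictAddressFamilies example.service
```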