On Wed, 14 Aug 2019, Lennart Poettering wrote: > Quite frankly, invoking generic UNIX programs with fds < 3 closed is a > really bad idea in general. That systemctl nowadays is particularly > careful and deals with situations like that is not an invitation to > actually invoke things like this. After all UNIX guarantees that > open() (and the other calls that allocate an fd) allocated the lowest > available one, hence they will necessarily step into > stdin/stdout/stderr territory when invoked with any of those fds > closed. > > Hence: your code that closes fd1 like this is simply buggy. Don't do > that, you are shooting yourself in the foot. And even if newer > systemctl will handle cases like this more gracefully pretty much any > other tool you might call will break in some form or another too, > since a simple printf() will already spill into the wrong fds in that > case. > > Lennart That's all true, but the thing we need to check here is that systemd correctly handles junk on the /run/systemd/private socket. The change on the systemctl side certainly tries to prevent incorrect data being sent down the socket -- though it looks like there's several ways in which fd_move_above_stdio() can fail, so this isn't foolproof -- but we need to ensure that some _malicious_ client can't DoS systemd. _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: systemd's connections to /run/systemd/private ?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: systemd's connections to /run/systemd/private ?
- From: Michael Chapman <mike@xxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Aug 2019 19:47:37 +1000 (AEST)
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <20190814093421.GC10516@gardel-login>
- References: <20190801140444.GA17099@in.waw.pl> <20190801143004.GF56323@numachi.com> <20190801145105.GB17099@in.waw.pl> <20190801151458.GG56323@numachi.com> <20190801152834.GC17099@in.waw.pl> <20190801164854.GH56323@numachi.com> <20190801191820.GD17099@in.waw.pl> <20190813215056.GS56323@numachi.com> <alpine.LFD.2.21.1908141812120.3528@beren.home> <alpine.LFD.2.21.1908141843200.3528@beren.home> <20190814093421.GC10516@gardel-login>
- User-agent: Alpine 2.21 (LFD 202 2017-01-01)
- Follow-Ups:
- Re: systemd's connections to /run/systemd/private ?
- From: Lennart Poettering
- Re: systemd's connections to /run/systemd/private ?
- References:
- Re: systemd's connections to /run/systemd/private ?
- From: Zbigniew Jędrzejewski-Szmek
- Re: systemd's connections to /run/systemd/private ?
- From: Brian Reichert
- Re: systemd's connections to /run/systemd/private ?
- From: Michael Chapman
- Re: systemd's connections to /run/systemd/private ?
- From: Michael Chapman
- Re: systemd's connections to /run/systemd/private ?
- From: Lennart Poettering
- Re: systemd's connections to /run/systemd/private ?
- Prev by Date: Re: systemd's connections to /run/systemd/private ?
- Next by Date: Antw: Re: systemd's connections to /run/systemd/private ?
- Previous by thread: Re: systemd's connections to /run/systemd/private ?
- Next by thread: Antw: Re: systemd's connections to /run/systemd/private ?
- Index(es):
 |