>>> Reindl Harald <h.reindl@xxxxxxxxxxxxx> schrieb am 14.08.2019 um 12:22 in Nachricht <13150bf2-e0c9-063a-9026-ac95c1fda7ce@xxxxxxxxxxxxx>: > > Am 14.08.19 um 12:10 schrieb Ulrich Windl: >>>>> Michael Chapman <mike@xxxxxxxxxxxxxxxxx> schrieb am 14.08.2019 um 11:47 in >>> That's all true, but the thing we need to check here is that systemd >>> correctly handles junk on the /run/systemd/private socket. The change on >>> the systemctl side certainly tries to prevent incorrect data being sent >>> down the socket -- though it looks like there's several ways in which >>> fd_move_above_stdio() can fail, so this isn't foolproof -- but we need to >>> ensure that some _malicious_ client can't DoS systemd. >> >> I don't want to contradict in principle, but doesn't "private socket" mean > it's intended to be used by systemd only? Of course being root allows you to > use any socket... > > may is ask you to read the thread you are responding to? > nobody is touching the private socket Then why care about "junk on the /run/systemd/private socket."? > > -------- Weitergeleitete Nachricht -------- > Betreff: Re: systemd's connections to /run/systemd/private ? > Datum: Tue, 13 Aug 2019 17:50:56 -0400 > Von: Brian Reichert <reichert@xxxxxxxxxxx> > An: Zbigniew J??drzejewski-Szmek <zbyszek@xxxxxxxxx> > Kopie (CC): systemd-devel@xxxxxxxxxxxxxxxxxxxxx > This is sufficient to reproduce the effect of increasing the number > of file descriptors open to /run/systemd/private; at least, on my > box, in it's current state: > > sh -c 'exec 1>&-; /usr/bin/systemctl status ntpd.service' > > We have cronjob that closes STDOUT, remaps STDERR to a log file, > and runs this systemctl command. In my environment, this one-liner > will cause that FD count to go up by, 100% reproducible > _______________________________________________ > systemd-devel mailing list > systemd-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/systemd-devel _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Antw: Re: Antw: Re: systemd's connections to /run/systemd/private ?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Antw: Re: Antw: Re: systemd's connections to /run/systemd/private ?
- From: "Ulrich Windl" <Ulrich.Windl@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Aug 2019 14:59:53 +0200
- In-reply-to: <F3FBFDBB02000041C7BD709A@gwsmtp.uni-regensburg.de>
- References: <20190801140444.GA17099@in.waw.pl> <20190801152834.GC17099@in.waw.pl> <20190801164854.GH56323@numachi.com> <20190801191820.GD17099@in.waw.pl> <20190813215056.GS56323@numachi.com> <alpine.LFD.2.21.1908141812120.3528@beren.home> <alpine.LFD.2.21.1908141843200.3528@beren.home> <20190814093421.GC10516@gardel-login> <alpine.LFD.2.21.1908141941560.3528@beren.home> <3DE697460200008EE0F313E1@gwsmtp.uni-regensburg.de> <3FF89945020000E7BD14A6D2@gwsmtp.uni-regensburg.de> <5DD4AF5C020000A2E0F313E1@gwsmtp.uni-regensburg.de> <77DE9D53020000CBBD14A6D2@gwsmtp.uni-regensburg.de> <7DECA75E0200008EE0F313E1@gwsmtp.uni-regensburg.de> <77D6AD510200005FBD14A6D2@gwsmtp.uni-regensburg.de> <5C06877C02000079E0F313E1@gwsmtp.uni-regensburg.de> <D08C6C2E020000C5729955D1@gwsmtp.uni-regensburg.de> <C890713A020000FD729955D1@gwsmtp.uni-regensburg.de> <91E8AE3F020000E3D68BC3D5@gwsmtp.uni-regensburg.de> <E89C693A02000046729955D1@gwsmtp.uni-regensburg.de> <5D53DE07020000A100032E83@gwsmtp.uni-regensburg.de> <13150bf2-e0c9-063a-9026-ac95c1fda7ce@thelounge.net> <E89C693A02000046729955D1@gwsmtp.uni-regensburg.de> <5D53DE07020000A100032E83@gwsmtp.uni-regensburg.de> <F3FBFDBB02000041C7BD709A@gwsmtp.uni-regensburg.de>
- Follow-Ups:
- Re: Antw: Re: Antw: Re: systemd's connections to /run/systemd/private ?
- From: Reindl Harald
- Re: Antw: Re: Antw: Re: systemd's connections to /run/systemd/private ?
- References:
- Re: systemd's connections to /run/systemd/private ?
- From: Zbigniew Jędrzejewski-Szmek
- Re: systemd's connections to /run/systemd/private ?
- From: Brian Reichert
- Re: systemd's connections to /run/systemd/private ?
- From: Michael Chapman
- Re: systemd's connections to /run/systemd/private ?
- From: Michael Chapman
- Re: systemd's connections to /run/systemd/private ?
- From: Lennart Poettering
- Re: systemd's connections to /run/systemd/private ?
- From: Michael Chapman
- Antw: Re: systemd's connections to /run/systemd/private ?
- From: Ulrich Windl
- Re: Antw: Re: systemd's connections to /run/systemd/private ?
- From: Reindl Harald
- Re: systemd's connections to /run/systemd/private ?
- Prev by Date: Re: systemd's connections to /run/systemd/private ?
- Next by Date: Re: Antw: Re: Antw: Re: systemd's connections to /run/systemd/private ?
- Previous by thread: Re: Antw: Re: systemd's connections to /run/systemd/private ?
- Next by thread: Re: Antw: Re: Antw: Re: systemd's connections to /run/systemd/private ?
- Index(es):
 |