max connections per control group (cgroup)
Colin Walters
walters at verbum.org
Fri Aug 8 05:53:23 PDT 2014
On Fri, Aug 8, 2014, at 07:01 AM, Alban Crequy wrote:
>
> But then, the max_connections_per_cgroup limit would not provide
> anything that is not already covered by the existing
> max_connections_per_user limit.
There is a subtle difference which is setuid binaries. Right now a
malicious person can easily take up all uid 0 owned connections by
spawning many instances of "pkexec".
(Debatable whether any setuid binaries using dbus should exist - but an
interesting point here is that all root-owned processes spawned from
pkexec would also be restricted by the login slice).
> It also bothers me that if dbus-daemon cuts the cgroup path with depth=2
> to get "/user.slice/user-1000.slice", it would be dependent on the way
> systemd organises the cgroups. Systemd's configuration could change and
> if dbus-daemon hard-codes depth=2, we will have unforeseen effects.
Yeah, I would say if we chose to do this, it would be systemd specific.
Theoretically the right way would be listening to logind, which makes
the whole thing start to get quite circular... kdbus can't come fast
enough =)
More information about the dbus
mailing list