[systemd-devel] Malicious tests?

Colin Guthrie gmane at colin.guthr.ie
Mon Jan 27 03:18:06 PST 2014


'Twas brillig, and Tom Horsley at 27/01/14 00:44 did gyre and gimble:
> Does systemd have any tests for malicious behavior?
> 
> People sending bazillions of dbus requests? People
> sending random nonsense dbus requests? I'm just asking
> because you gotta know someone is gonna do it if you
> don't do it first :-).
> 
> I also find that merely sending two systemctl
> disable commands in quick succession totally borks
> my fedora 20 system, so there's your first
> malicious test that doesn't even need a new program
> or script written...

I've documented that problem in earlier comments on that bug as to why
systemctl disable does this.

See: https://bugzilla.redhat.com/show_bug.cgi?id=1043212#c19

It's due to chkconfig shelling out to "systemctl daemon-reload" but also
systemctl doing it and thus causing two reloads in very quick
succession, which triggers the serialisation race (it also re-runs
Type=oneshot services which seems wrong to me, but need to clarify)

I've documented the problem quite thoroughly both here and on that bug
and implemented several workarounds, but the underlying problem is
definitely a serious one and one I'll be discussing it with Lennart and
Zbigniew (aka haranguing them!) on Thursday/Friday.

I can reproduce the problem very easily on my system, so that's half the
battle. Sadly simple containers with little real world units seem to
avoid the problems. But I'm sure there will be some kind of fix for this
over the next week or so.

Col

-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/


More information about the systemd-devel mailing list