[systemd-devel] About systemd call dbus session bus
Lennart Poettering
lennart at poettering.net
Wed Feb 11 10:29:35 PST 2015
On Fri, 06.02.15 14:11, Mantas Mikulėnas (grawity at gmail.com) wrote:
> On Fri, Feb 6, 2015 at 2:02 PM, Simon McVittie <
> simon.mcvittie at collabora.co.uk> wrote:
>
> > On 06/02/15 03:32, 张洋 wrote:
> >
> >> dbus-daemon --session --print-address --fork > /tmp/session_amgr
> >>
> >
> > This is a security flaw (the search keywords to look for are "symlink
> > attack").
> >
>
> True, although systemd sets fs.protected_symlinks=1 by default, which
> should guard against that.
It's still a DoS, even then.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list