[systemd-devel] Antw: Re: systemd's connections to /run/systemd/private ?
Michael Chapman
mike at very.puzzling.org
Wed Aug 14 10:41:08 UTC 2019
On Wed, 14 Aug 2019, Reindl Harald wrote:
> Am 14.08.19 um 12:10 schrieb Ulrich Windl:
> >>>> Michael Chapman <mike at very.puzzling.org> schrieb am 14.08.2019 um 11:47 in
> >> That's all true, but the thing we need to check here is that systemd
> >> correctly handles junk on the /run/systemd/private socket. The change on
> >> the systemctl side certainly tries to prevent incorrect data being sent
> >> down the socket -- though it looks like there's several ways in which
> >> fd_move_above_stdio() can fail, so this isn't foolproof -- but we need to
> >> ensure that some _malicious_ client can't DoS systemd.
> >
> > I don't want to contradict in principle, but doesn't "private socket" mean it's intended to be used by systemd only? Of course being root allows you to use any socket...
>
> may is ask you to read the thread you are responding to?
> nobody is touching the private socket
systemctl will mostly use /run/systemd/private when run as root.
More information about the systemd-devel
mailing list