Skip to Content [alt-c]

Andrew Ayer

Sections

How to Crash Systemd in One Tweet

Comment by Reader nextime

Posted in reply to Comment by Reader Keith Curtis.

This comment is owned by whoever posted it. I am not responsible for it in any way.

parsing command line parameters isn't something people usually delegate to a separate process.

It isn't about parsing command line. It's about parsing text coming from an untrusted socket where anyone can write to, at runtime, in something that runs as PID 1. Not exactly the same thing.

Unfortunately, it also ignores all the great systemd security features it has added for the average Linux user (such as private tmp, and cgroups), and in fact all the other great features it has.

What it's debatable is that systemd add those things. I use private-tmp, namespaces, cgroups and more... and i don't have systemd installed in my system.

And anyway, cgroups are NOT a security feature; they can help to get a better security, but they aren't a security measure.

| Posted on 2016-09-29 at 00:44:19 UTC by Reader nextime | Parent | Reply to This

Post a Reply

Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible. Use the "Preview" button to make sure your comment is properly formatted. Name and email address are optional. If you specify an email address it will be kept confidential.

Post Comment


(Optional; will be published)


(Optional; will not be published)


(Optional; will be published)


  • Blank lines separate paragraphs.
  • Lines starting with ">" are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim.
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.