Skip to Content [alt-c]
In reply to Comment by Reader Keith Curtis
parsing command line parameters isn't something people usually delegate to a separate process.
It isn't about parsing command line. It's about parsing text coming from an untrusted socket where anyone can write to, at runtime, in something that runs as PID 1. Not exactly the same thing.
Unfortunately, it also ignores all the great systemd security features it has added for the average Linux user (such as private tmp, and cgroups), and in fact all the other great features it has.
What it's debatable is that systemd add those things. I use private-tmp, namespaces, cgroups and more... and i don't have systemd installed in my system.
And anyway, cgroups are NOT a security feature; they can help to get a better security, but they aren't a security measure.
Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
>
monospaced
Post a Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.