Hello, I've been studying the documentation of S6. I see that s6-svscan has been designed so that it can run as init (PID==1), and there's a note that most opendir() implementations use malloc, so it may be possible to leak memory.
To protect against this I'm pondering using suckless init (sinit) as PID 1, and having it spawn something supervising s6-svscan. My understanding is that sinit won't be able to leak memory in userspace. The problem I see is that s6-supervise also uses opendir() and so it's not suitable to supervise s6-svscan.

If a suitable sinit -> supervisor -> s6-svscan chain could be made, it takes a little extra memory and boot-up time, but should mean that if opendir() leaks memory and s6-svscan dies, then the leaked memory will be recovered and the supervisor could restart s6-svscan. I think it would be worth the trade-off of always using a little extra resources to get the extra protection.

Does it seem wise? Am I overlooking things or misunderstanding things? If it makes a difference I plan to use musl libc.

Thanks,
Berne
