Re: [systemd-devel] About systemd call dbus session bus

Lennart Poettering Wed, 11 Feb 2015 10:30:50 -0800

On Fri, 06.02.15 14:11, Mantas Mikulėnas (graw...@gmail.com) wrote:

> On Fri, Feb 6, 2015 at 2:02 PM, Simon McVittie <
> simon.mcvit...@collabora.co.uk> wrote:
> 
> > On 06/02/15 03:32, 张洋 wrote:
> >
> >> dbus-daemon --session --print-address --fork > /tmp/session_amgr
> >>
> >
> > This is a security flaw (the search keywords to look for are "symlink
> > attack").
> >
> 
> True, although systemd sets fs.protected_symlinks=1 by default, which
> should guard against that.


It's still a DoS, even then.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] About systemd call dbus session bus

Reply via email to