]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 008798e) | patch
core: only allow systemd-oomd to use SubscribeManagedOOMCGroups 24919/head
authorAnita Zhang <the.anitazha@gmail.com>
Wed, 5 Oct 2022 08:40:40 +0000 (01:40 -0700)
committerAnita Zhang <the.anitazha@gmail.com>
Fri, 14 Oct 2022 16:57:59 +0000 (09:57 -0700)
commit284212893b537ae51ca6286bc26b8f1cb0ec69fd
tree5c740bce2e21fb32d4a074ee0e601f621dcb45e1tree | snapshot
parent008798e90c8e05e02a2226c4d1804fd6d1353b1bcommit | diff
core: only allow systemd-oomd to use SubscribeManagedOOMCGroups

Attempt to address
https://github.com/systemd/systemd/issues/20330#issuecomment-1210028422.

Summary of the comment: Unprivileged users can potentially cause a denial of
service during systemd-oomd unit subscriptions by spamming requests to
SubscribeManagedOOMCGroups. As systemd-oomd.service is the only unit that
should be accessing this method, add a check on the caller's unit name to deter
them from successfully using this method.
src/core/core-varlink.c diff | blob | blame | history
src/shared/varlink.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.