An additional benefit of doing this without linking to systemd is that we no longer depend on systemd (and include no automagic) in certain build paths, making distribution of binary packages in downstream distributions (like Gentoo), which may use systemd or another init system, more straightforward.
In the past, I have been telling anyone who wanted to listen that if all you want is sd_notify() then don't bother linking to libsystemd, since the protocol is stable and should be considered the API, not our C wrapper around it. After all, the protocol is so trivial that one can explain it in one sentence: send an AF_UNIX datagram containing READY=1 to a socket whose path you find in the $NOTIFY_SOCKET env var.
But apparently turning that sentence (which appears in similar fashion in the man page) into code is not trivial, hence this new example code.
Hence, copy away, the thing is MIT licensed. And the protocol has been stable for a decade, and I am pretty sure it's going to remain stable for another decade at least.
Describe the bug
Here we link against systemd to provide sd-notify capabilities.
clamav/common/misc.h
Lines 45 to 47 in 8317780
This has since been identified as a mechanism that has the potential to be exploited.
We should replace this with a shim à la OpenSSH:
https://github.com/openssh/openssh-portable/blob/603193e32aef5db7d60c58066d5de89806e79312/openbsd-compat/port-linux.c#L322
Sd-notify spec: https://www.freedesktop.org/software/systemd/man/latest/sd_notify.html
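
The protocol described in the quoted sentence (an AF_UNIX datagram sent to the path in `$NOTIFY_SOCKET`), written out as a small C shim with no libsystemd dependency. This is an added example, not ClamAV's, OpenSSH's or systemd's code; the function name `notify_systemd` and its return convention are assumptions made here.

```c
/* Added example: minimal sd_notify() replacement without libsystemd (Linux). */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Assumed convention: 1 = sent, 0 = $NOTIFY_SOCKET unset, -errno = failure. */
int notify_systemd(const char *state)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    const char *path = getenv("NOTIFY_SOCKET");
    size_t path_len;
    int fd, ret = 1;

    if (path == NULL)
        return 0;                     /* no service manager is listening */
    if (path[0] != '/' && path[0] != '@')
        return -EAFNOSUPPORT;         /* only absolute or abstract sockets */
    path_len = strlen(path);
    if (path_len >= sizeof(addr.sun_path))
        return -E2BIG;                /* reject instead of truncating the path */
    memcpy(addr.sun_path, path, path_len);
    if (path[0] == '@')
        addr.sun_path[0] = '\0';      /* abstract namespace uses a leading NUL */

    fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -errno;
    if (sendto(fd, state, strlen(state), MSG_NOSIGNAL, (struct sockaddr *)&addr,
               (socklen_t)(offsetof(struct sockaddr_un, sun_path) + path_len)) < 0)
        ret = -errno;
    close(fd);
    return ret;
}

int main(void)
{
    int r = notify_systemd("READY=1");
    printf("notify_systemd: %d\n", r);
    return r < 0;
}
```

Because the value of `$NOTIFY_SOCKET` comes from the environment, the length and prefix checks run before anything is copied into `sun_path`.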