On Fr, 28.01.22 12:25, Florian Weimer (fweimer(a)redhat.com) wrote:
>> One issue is that it's harder to prevent other users
from doing execve
>> than it's denying them access to some IPC service. In this sense, SUID
>> programs are more robust.
> Well, that's precisely the problem that PK was supposed to address,
> but then it descended down the JS rabbit hole...
Not sure if we are talking about the same thing. I meant flooding the
local socket (or similar) with requests, not access control.
Well, making socket services scalable is not entirely trivial, but i
figure the number of parallel connections a Linux system should be
able to handle is still higher than the number of processes it allows
to run in parallel...
Lennart Poettering, Berlin