Hi Paul

On 07.10.25 at 15:13, Paul Tagliamonte wrote:
> On Tue, Oct 07, 2025 at 08:26:08AM -0400, Michael Stone wrote:
>> I assume this is yet another case where something was de facto taken over by systemd and then arbitrarily shitcanned when the systemd folks lost interest.
>
> This was an intentional change; upstream systemd views this mechanism as inherently insecure (they're not wrong) and defaulted permissions to a more secure baseline to force migrations to existing, established, mature alternatives (like flock).

Inherently insecure in what way specifically?
Are you referring to the /run DoS I mentioned in [0]? Or do you have something else in mind?

I think we all agree that there are superior locking mechanisms available and we would like to see those being used instead. That doesn't magically fix existing software though and fwiw I agree with the CTTE decision here. Even if we have the same goal, the transition plan we choose can be different from what systemd upstream has decided on.

Regards,
Michael

[0] https://lists.debian.org/debian-devel/2025/10/msg00113.html