Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775458
Affects v228 and earlier versions
If you have a .socket and corresponding .service unit and the service has a Condition which isn't satisfied, triggering traffic on the socket will generate repeated start requests. The rate limiting of systemd does not kick in here. This way you can easily DoS your system.
To reproduce, run the following steps:
# cat <<EOF > /etc/systemd/system/test.socket
[Socket]
ListenStream=/run/test.ctl
EOF
# cat <<EOF > /etc/systemd/system/test.service
[Unit]
Requires=test.socket
ConditionPathExistsGlob=/tmp/nonexistent
[Service]
ExecStart=/bin/true
EOF
# systemctl daemon-reload
# systemctl start test.socket
# echo a | nc -U /run/test.ctl
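
To find units exposed to the behaviour reported above, the following added example (not part of the original report or of systemd) lists every socket unit in a directory whose activated service carries a Condition*= directive. The function names and the sample units other than test.socket/test.service are constructed for illustration; it assumes all unit files sit in one directory and ignores drop-ins and Accept=yes template services.

```shell
#!/bin/sh
# Added example: audit a unit directory for socket-activated services that
# carry a Condition*= directive (the combination described in this report).

# Print "<socket> -> <service>: <directive>" for every match in directory $1.
audit_socket_conditions() {
    dir=$1
    for sock in "$dir"/*.socket; do
        [ -f "$sock" ] || continue
        # An explicit Service= in the socket unit overrides the same-name default.
        svc=$(sed -n 's/^Service=[[:space:]]*//p' "$sock" | tail -n 1)
        [ -n "$svc" ] || svc="$(basename "$sock" .socket).service"
        [ -f "$dir/$svc" ] || continue
        grep -E '^Condition[A-Za-z]+=' "$dir/$svc" | while IFS= read -r line; do
            printf '%s -> %s: %s\n' "$(basename "$sock")" "$svc" "$line"
        done
    done
}

# Write constructed sample units into directory $1: the pair from the report,
# a pair without any condition, and a socket that names its service explicitly.
make_sample_units() {
    printf '[Socket]\nListenStream=/run/test.ctl\n' > "$1/test.socket"
    printf '[Unit]\nRequires=test.socket\nConditionPathExistsGlob=/tmp/nonexistent\n[Service]\nExecStart=/bin/true\n' > "$1/test.service"
    printf '[Socket]\nListenStream=/run/ok.ctl\n' > "$1/ok.socket"
    printf '[Service]\nExecStart=/bin/true\n' > "$1/ok.service"
    printf '[Socket]\nListenStream=/run/alt.ctl\nService=other.service\n' > "$1/alt.socket"
    printf '[Unit]\nConditionPathExists=/etc/other.conf\n[Service]\nExecStart=/bin/true\n' > "$1/other.service"
}

# Demo run on the constructed units in a throwaway directory.
tmp=$(mktemp -d)
make_sample_units "$tmp"
audit_socket_conditions "$tmp"
rm -rf "$tmp"
```

On a real host, point audit_socket_conditions at /etc/systemd/system or the distribution's unit directory and review each reported pair.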