Hacker News new | past | comments | ask | show | jobs | submit login

Disclaimer: I know nothing about the particular bug. Postel's Law has its tradeoffs, and its fuzzy lines are a nice place for security issues to arise.



For sure, there are limits. In this particular case, maybe we say that SystemD shouldn't support weird usernames beginning with numbers, but the other half of the law should still apply. The conservative emission would be logging an error message, not running that unit file as root.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: