On Mon, 14 Feb 2022 at 22:29:29 +0100, Salvatore Bonaccorso wrote: > Simon, Michael opinions on the DSA need? *If* it's automatically > restarted after crash, then we can schedule the fixes via the upcoming > point releases IMHO.
I can't say much about the impact of a vulnerability that doesn't have a patch or any details available, but if it's literally just running out of fd space and crashing, that's pretty weak even as an attack on availability. polkitd is D-Bus-activated on-demand, so a crash should just inconvenience people who are actively trying to authenticate at that moment: the next time a client tries to contact polkit, systemd (if used) or dbus-daemon (if using other init systems) will relaunch polkitd automatically before delivering the message. smcv