Not really sure what a sane minimal description would be. Feel free to mention that usage guidance is out of scope/should be done by third parties.
Notable for Unix is the broken Unix process and signaling control, with the fun fact that cgroups were written to reliably signal processes and only the second version can do it atomically.
The article mentions how it can be partially fixed on Linux in a non-portable way.
See also https://github.com/catern/supervise.
The other very big security hole by design is the shell (escape codes in files, implementations, timing attacks of protocols like ssh, etc.) protocol families.