[mutter] window: Add a note about the trustworthiness of the client PID
- From: Florian Müllner <fmuellner src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [mutter] window: Add a note about the trustworthiness of the client PID
- Date: Thu, 21 May 2020 23:27:33 +0000 (UTC)
commit b97a6e62a39e7818bb4b401617221e0f262dfc6e
Author: Jonas Dreßler <verdre v0yd nl>
Date: Mon Apr 6 20:14:12 2020 +0200
window: Add a note about the trustworthiness of the client PID
Since PIDs are inherently insecure because they are reused after a
certain amount of processes was started, it's possible the client PID
was spoofed by the client.
So make sure users of the meta_window_get_pid() API are aware of those
issues and add a note to the documentation that the PID can not be
totally trusted.
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1180
src/core/window.c | 3 +++
1 file changed, 3 insertions(+)
---
diff --git a/src/core/window.c b/src/core/window.c
index d7faf00fc..24403b79f 100644
--- a/src/core/window.c
+++ b/src/core/window.c
@@ -7590,6 +7590,9 @@ meta_window_get_transient_for (MetaWindow *window)
* Returns the pid of the process that created this window, if available
* to the windowing system.
*
+ * Note that the value returned by this is vulnerable to spoofing attacks
+ * by the client.
+ *
* Return value: the pid, or 0 if not known.
*/
pid_t
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]