On Wednesday, July 28th, 2021 at 12:30, Carsten Haitzler <ras...@rasterman.com> 
wrote:

> On Wed, 28 Jul 2021 09:51:53 +0000 Simon Ser cont...@emersion.fr said:
>
> > Please read the (lengthy) discussion at 1.
> > In particular, the "get_credentials → PID → executable path" lookup is
> > racy. PID re-use allows a malicious process to be recognized as another
> > executable.
>
> That is true - but only at cusp points - e.g. PID has exited, but socket has
> not been detected as dead yet and PID was recycled. I you do the lookup then,
> it'd be a problem.
>
> If you do the lookup first on initial connect, then ensure you do at least one
> round-trip to client (send something, it sends back a reply), then that lookup
> would be valid

Nope. The PID returned by libwayland is the one that bound the socket.
So if you create the socket, fork, bind it in the child, exit the
child, then on the compositor side you'll see a socket which belongs to
a PID which no longer exists. Wait until a privileged client re-uses
that PID, and boom.
_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/wayland-devel

Reply via email to