[mutter] window: Add a note about the trustworthiness of the client PID

From: Florian Müllner <fmuellner src gnome org>
To: commits-list gnome org
Cc:
Subject: [mutter] window: Add a note about the trustworthiness of the client PID
Date: Thu, 21 May 2020 23:27:33 +0000 (UTC)

commit b97a6e62a39e7818bb4b401617221e0f262dfc6e
Author: Jonas Dreßler <verdre v0yd nl>
Date:   Mon Apr 6 20:14:12 2020 +0200

    window: Add a note about the trustworthiness of the client PID
    
    Since PIDs are inherently insecure because they are reused after a
    certain amount of processes was started, it's possible the client PID
    was spoofed by the client.
    
    So make sure users of the meta_window_get_pid() API are aware of those
    issues and add a note to the documentation that the PID can not be
    totally trusted.
    
    https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1180

 src/core/window.c | 3 +++
 1 file changed, 3 insertions(+)
---
diff --git a/src/core/window.c b/src/core/window.c
index d7faf00fc..24403b79f 100644
--- a/src/core/window.c
+++ b/src/core/window.c
@@ -7590,6 +7590,9 @@ meta_window_get_transient_for (MetaWindow *window)
  * Returns the pid of the process that created this window, if available
  * to the windowing system.
  *
+ * Note that the value returned by this is vulnerable to spoofing attacks
+ * by the client.
+ *
  * Return value: the pid, or 0 if not known.
  */
 pid_t

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]