Enforce that calling CheckAuthorization() with pidfd also is passed a uid
When unix-process is used and a uid is not passed, it will be derived from the running process. But this is racy, as the identity can change over time (e.g.: setuid binaries can be exec'ed). If the caller can securely fetch the pidfd of a process (e.g.: via SO_PEERPIDFD), then it can also securely fetch the uid (e.g.: via SO_PEERCRED), so enforce that they are passed together to avoid possible races, in case a polkit rule performs authorization based on the uid. Follow-up for 374a6280
Changed files:
- data/org.freedesktop.PolicyKit1.Authority.xml (1 addition, 1 deletion)
- docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml (1 addition, 1 deletion)
- src/polkit/polkitsubject.c (9 additions, 0 deletions)