Skip to content
Snippets Groups Projects
  1. Mar 16, 2024
  2. Feb 23, 2024
  3. Jan 21, 2024
  4. Jan 18, 2024
  5. Jan 17, 2024
  6. Dec 21, 2023
    • Luca Boccassi's avatar
      Enforce that calling CheckAuthorization() with pidfd also is passed a uid · 9295e289
      Luca Boccassi authored
      When unix-process is used and a uid is not passed, it will be derived from
      the running process. But this is racy, as the identity can change over
      time (e.g.: setuid binaries can be exec'ed). If the caller can securely
      fetch the pidfd of a process (e.g.: via SO_PEERPIDFD), then it can also
      securely fetch the uid (e.g.: via SO_PEERCRED), so enforce that they are
      passed together to avoid possible races, in case a polkit rule performs
      authorization based on the uid.
      
      Follow-up for 374a6280
      9295e289
  7. Dec 14, 2023
  8. Nov 29, 2023
  9. Nov 02, 2023
  10. Oct 30, 2023
  11. Oct 20, 2023
  12. Oct 19, 2023
  13. Oct 17, 2023
  14. Oct 04, 2023
Loading