D22571: Allow blacklisting some wayland interfaces
Fabian Vogt
noreply at phabricator.kde.org
Thu Aug 1 13:43:52 BST 2019
fvogt added inline comments.
INLINE COMMENTS
> davidedmundson wrote in wayland_server.cpp:223
> This has the same bug as outlined in the task.
>
> The exe will resolve the file path that we see in kwins namespace, not the exe being run within the clients mountnamespace. We're comparing a process with itself.
>
> We need to compare to /proc/PID/root/ + client->executablePath()
AFAICT, "We're comparing a process with itself." is still the case.
It would need to compare the content of `client->executablePath()` with `/proc/pid/exe`, but even that can be faked easily.
Note that procfs is unusual - sha256("/proc/pid/exe") != sha256(readlink("/proc/pid/exe"))
REPOSITORY
R108 KWin
REVISION DETAIL
https://phabricator.kde.org/D22571
To: apol, #plasma, #kwin, davidedmundson
Cc: fvogt, zzag, broulik, graesslin, davidedmundson, kwin, LeGast00n, fmonteiro, sbergeron, jraleigh, fbampaloukas, GB_2, mkulinski, ragreen, jackyalcine, Pitel, iodelay, crozbo, bwowk, ZrenBot, ngraham, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, romangg, jensreuterberg, abetts, sebas, apol, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kwin/attachments/20190801/b0f56a72/attachment.html>
More information about the kwin
mailing list