D22571: Allow blacklisting some wayland interfaces
David Edmundson
noreply at phabricator.kde.org
Sat Jul 20 10:41:51 BST 2019
davidedmundson added inline comments.
INLINE COMMENTS
> wayland_server.cpp:223
> + bool isTrustedOrigin(KWayland::Server::ClientConnection * client) const {
> + return sha256(client->executablePath()) == sha256(QStringLiteral("/proc/") + QString::number(client->processId()) + QStringLiteral("/exe"));
> + }
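Review bot: isTrustedOrigin() has no failure path in its single return statement. If sha256() produces an empty or default value when a path cannot be opened (that helper is not visible in this hunk), both sides compare equal and the client is treated as trusted. Confirm that both digests are valid before comparing and return false otherwise. The /proc/ path is also built from client->processId() at the moment of the call, so the process must be shown to still be the one that connected, otherwise the PID may by then belong to a different process.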
This has the same bug as outlined in the task.
The exe will resolve the file path that we see in kwin's namespace, not the exe being run within the client's mount namespace. We're comparing a process with itself.
We need to compare to /proc/PID/root/ + client->executablePath()
REPOSITORY
R108 KWin
REVISION DETAIL
https://phabricator.kde.org/D22571
To: apol, #plasma, #kwin
Cc: davidedmundson, kwin, LeGast00n, fmonteiro, sbergeron, jraleigh, fbampaloukas, GB_2, mkulinski, ragreen, jackyalcine, Pitel, iodelay, crozbo, bwowk, ZrenBot, ngraham, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, jensreuterberg, abetts, sebas, apol, mart