D25169: [wayland] Fix sha check of filtered applications
David Edmundson
noreply at phabricator.kde.org
Wed Nov 6 11:20:11 GMT 2019
davidedmundson created this revision.
Herald added a project: KWin.
Herald added a subscriber: kwin.
davidedmundson requested review of this revision.
REVISION SUMMARY
We have a sha check rather than just readlink as an app in a mount
namespace could have an executable with the same path as an exectuable
on the host system that we trust.
This became overly complicated to solve an issue that didn't exist.
sha(/proc/PID/exe) does resolve to what is currently running even if
sha(readlink(/proc/PID/exe) does not as /proc is magic.
This patch compares the root file system as kwin sees it to the running
exe.
See later comments on D22571 <https://phabricator.kde.org/D22571>
REPOSITORY
R108 KWin
BRANCH
master
REVISION DETAIL
https://phabricator.kde.org/D25169
AFFECTED FILES
wayland_server.cpp
To: davidedmundson
Cc: kwin, LeGast00n, The-Feren-OS-Dev, sbergeron, jraleigh, fbampaloukas, GB_2, mkulinski, ragreen, jackyalcine, iodelay, crozbo, bwowk, ZrenBot, ngraham, alexeymin, himcesjf, lesliezhai, ali-mohamed, hardening, romangg, jensreuterberg, abetts, sebas, apol, ahiemstra, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kwin/attachments/20191106/e9d10883/attachment-0001.html>
More information about the kwin
mailing list