[Dev] Tizen 3.0 proposal for fixing OSP/WRT/Core hard-coded UID issue
casey.schaufler at intel.com
Thu Oct 10 00:48:51 GMT 2013
From: dev-bounces at lists.tizen.org [mailto:dev-bounces at lists.tizen.org] On Behalf Of Dominig ar Foll (Intel OTC)
Sent: Wednesday, October 09, 2013 10:06 AM
To: dev at lists.tizen.org
Subject: Re: [Dev] Tizen 3.0 proposal for fixing OSP/WRT/Core hard-coded UID issue
Le 09/10/2013 17:39, Schaufler, Casey a écrit :
SO_PEERCRED is fine.
/proc/PID is *not*. Unless you have some way to ensure that the pid represents the right process you can't count on it. Also, it seems questionable that you should launch an application with a particular environment just because another application uses that environment.
I must miss something.
If 'SO_PREECRED is fine', the pid that we will be read is the correct pid of the caller.
Then it seems that your "unless" clause will be validated and /proc/PID should be OK.
Not at all. You call recvmsg and the getsocopt to get the SO_PEERCRED. The "other" process exits. Another process gets created with the same pid. You open /proc/PID/something. You get the wrong data. The mechanism is 100% unreliable.
For the environment, the need is quite simple to explain.
When a request to launch an application is done by a user (by pressing a button, calling a Mime Type, ...) a message is pushed on a socket to get that application started.
At the end of the chain the daemon Launchpad, which runs as root, will spawn the application for the user.
That application must be launch in the user environment ($HOME, $DISPLAY, D-bus session ID, locale, ...) which is not static any more in multi user.
Right. Even if you manage to get the right process opened from /proc/PID, you still can't count on the environment from that program. A programs can change its environment. There is no way you can assume that the programs you're about to invoke should run with the environment the other programs has now. I'm not saying you don't need the correct environment information, I'm saying that this is not a viable way to get it.
Dominig ar Foll
Senior Software Architect
Open Source Technology Centre
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev