[Dev] Tizen 3.0 proposal for applications launch
jarkko.sakkinen at intel.com
Thu Oct 10 13:01:34 GMT 2013
On Thu, Oct 10, 2013 at 02:09:29PM +0200, Xavier Roche wrote:
> Hi all,
> Regarding the last threads for fixing OSP/WRT/Core hardcoded UID issue, I
> was wondering to what extent it could be possible to act as follow:
> 1. Assuming we already got the uid (from getsockopt with SO_PEERCRED...),
> get the 'systemd --user' pid (running with the same uid)
> 2. We could then retrieve the entire launch environment, in the associated
> /proc/<pid>/environ ...
> 3. Launch whatever app within such an environment (execve...)
> Am I mistaken on this point? Does it seem acceptable in your opinion?
It's a racy approach unless you can survive with only accessing
Also, I would advise not to use SO_PEERCRED or SO_PEERSEC but as
I've said in that thread I don't have yet tests to back this up.
Only but also heavyweight way to ensure authenticity would be to
use SO_PASSCRED and SCM_CREDENTIALS so that every message is
authenticated (maybe there could be some kind of initial handshake
with these options turned on for connections?).
More information about the Dev