[Dev] Tizen 3.0 proposal for applications launch
Dominig ar Foll
dominig.arfoll at fridu.net
Thu Oct 10 13:32:18 GMT 2013
Le 10/10/2013 15:01, Jarkko Sakkinen a écrit :
> On Thu, Oct 10, 2013 at 02:09:29PM +0200, Xavier Roche wrote:
>> Hi all,
>> Regarding the last threads for fixing OSP/WRT/Core hardcoded UID issue, I
>> was wondering to what extent it could be possible to act as follow:
>> 1. Assuming we already got the uid (from getsockopt with SO_PEERCRED...),
>> get the 'systemd --user' pid (running with the same uid)
>> 2. We could then retrieve the entire launch environment, in the associated
>> /proc/<pid>/environ ...
>> 3. Launch whatever app within such an environment (execve...)
>> Am I mistaken on this point? Does it seem acceptable in your opinion?
> It's a racy approach unless you can survive with only accessing
> Also, I would advise not to use SO_PEERCRED or SO_PEERSEC but as
> I've said in that thread I don't have yet tests to back this up.
> Only but also heavyweight way to ensure authenticity would be to
> use SO_PASSCRED and SCM_CREDENTIALS so that every message is
> authenticated (maybe there could be some kind of initial handshake
> with these options turned on for connections?).
> Dev mailing list
> Dev at lists.tizen.org
To the security team.
In order to speed up the discussion and converge on an acceptable model,
I would be interested to understand what is your proposition to enable a
daemon to extract the caller UID and ENV from the caller when the call
is done via a Unix socket (local).
Dominig ar Foll
Senior Software Architect
Intel Open Source Technology Centre
More information about the Dev