author | David Zeuthen <davidz@redhat.com> | 2011-04-01 12:09:45 -0400 |
---|---|---|
committer | David Zeuthen <davidz@redhat.com> | 2011-04-01 12:09:45 -0400 |
commit | 129b6223a19e7fb2753f8cad7957ac5402394076 (patch) | |
tree | e437a160de83736418e933a5e6dee62d48f72501 /src/polkit/polkitsubject.c | |
parent | dd848a42a64a3b22a0cc60f6657b56ce9b6010ae (diff) | |
Make PolkitUnixProcess also record the uid of the process
This is needed to avoid possible TOCTTOU issues since a process can
change both its real uid and effective uid.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Diffstat (limited to 'src/polkit/polkitsubject.c')
-rw-r--r-- | src/polkit/polkitsubject.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 577afec..d2c4c20 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -238,13 +238,18 @@ polkit_subject_from_string (const gchar *str, { gint scanned_pid; guint64 scanned_starttime; - if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2) + gint scanned_uid; + if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3) + { + subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid); + } + else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2) { subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime); } else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1) { - subject = polkit_unix_process_new_full (scanned_pid, 0); + subject = polkit_unix_process_new (scanned_pid); if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0) { g_object_unref (subject); @@ -297,6 +302,8 @@ polkit_subject_to_gvariant (PolkitSubject *subject) g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)))); g_variant_builder_add (&builder, "{sv}", "start-time", g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)))); + g_variant_builder_add (&builder, "{sv}", "uid", + g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)))); } else if (POLKIT_IS_UNIX_SESSION (subject)) { @@ -395,6 +402,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, GVariant *v; guint32 pid; guint64 start_time; + gint32 uid; v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error); if (v == NULL) 
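Review bot: The uid read by the new three-field `sscanf` in polkit_subject_from_string goes straight into `polkit_unix_process_new_for_owner` with no range check, so a negative value (including the -1 that the GVariant path in this commit uses for "uid missing") is accepted as if it were a real owner. `%d` also stops at the first non-digit, so trailing characters after the uid are silently ignored. Since the uid is recorded to pin the subject's identity against a TOCTTOU race, I would reject `scanned_uid < 0` through the function's existing error path and add a comment such as `/* uid comes from the caller-supplied string; it is not verified against the process here */`. The two- and one-field fallbacks still build a subject without a supplied uid, and what uid they end up recording is not visible in this hunk. The function body starts and ends outside the hunk.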
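Review bot: The added "uid" entry in polkit_subject_to_gvariant is encoded with `g_variant_new_int32`, while the "pid" entry above it is a uint32, so the uid travels as a signed value and the signedness convention is undocumented. The return type of `polkit_unix_process_get_uid` is not visible here; if it can be -1 for an unknown owner, that sentinel is serialized like any real uid, and uids above 2^31-1 would appear negative to the peer. I would add a comment on the new line, e.g. `/* int32 on the wire; -1 means the uid is not known */`, so that receivers know which negative values to refuse. The enclosing function starts and ends outside the hunk.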
@@ -414,7 +422,18 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - ret = polkit_unix_process_new_full (pid, start_time); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + if (v != NULL) + { + uid = g_variant_get_int32 (v); + g_variant_unref (v); + } + else + { + uid = -1; + } + + ret = polkit_unix_process_new_for_owner (pid, start_time, uid); } else if (g_strcmp0 (kind, "unix-session") == 0) { |
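Review bot: The new "uid" lookup passes `error` to `lookup_asv` but then treats a NULL result as "uid absent" and carries on with `uid = -1`. If `lookup_asv` sets `*error` on a missing or wrongly typed key, as the earlier `if (v == NULL)` checks for "pid" suggest, the function can return a valid subject with a GError still set. For an optional key the call should not report an error: `v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL);`. The fallback also means a sender can omit the uid, or send it with the wrong type, and still get a subject; how `polkit_unix_process_new_for_owner` resolves -1 is not visible here, so a comment should state whether that path reintroduces the lookup race this commit is meant to close. The enclosing function starts and ends outside the hunk.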