window: Add a note about the trustworthiness of the client PID
Since PIDs are inherently insecure because they are reused after a certain amount of processes was started, it's possible the client PID was spoofed by the client. So make sure users of the meta_window_get_pid() API are aware of those issues and add a note to the documentation that the PID can not be totally trusted. https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1180
This commit is contained in:
parent
4fac1a4862
commit
b97a6e62a3
@ -7590,6 +7590,9 @@ meta_window_get_transient_for (MetaWindow *window)
|
||||
* Returns the pid of the process that created this window, if available
|
||||
* to the windowing system.
|
||||
*
|
||||
* Note that the value returned by this is vulnerable to spoofing attacks
|
||||
* by the client.
|
||||
*
|
||||
* Return value: the pid, or 0 if not known.
|
||||
*/
|
||||
pid_t
|
||||
|
Loading…
Reference in New Issue
Block a user