From b97a6e62a39e7818bb4b401617221e0f262dfc6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Dre=C3=9Fler?= Date: Mon, 6 Apr 2020 20:14:12 +0200 Subject: [PATCH] window: Add a note about the trustworthiness of the client PID Since PIDs are inherently insecure because they are reused after a certain amount of processes was started, it's possible the client PID was spoofed by the client. So make sure users of the meta_window_get_pid() API are aware of those issues and add a note to the documentation that the PID can not be totally trusted. https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1180 --- src/core/window.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/core/window.c b/src/core/window.c index d7faf00fc..24403b79f 100644 --- a/src/core/window.c +++ b/src/core/window.c @@ -7590,6 +7590,9 @@ meta_window_get_transient_for (MetaWindow *window) * Returns the pid of the process that created this window, if available * to the windowing system. * + * Note that the value returned by this is vulnerable to spoofing attacks + * by the client. + * * Return value: the pid, or 0 if not known. */ pid_t