window: Add a note about the trustworthiness of the client PID

Since PIDs are inherently insecure because they are reused after a certain amount of processes was started, it's possible the client PID was spoofed by the client. So make sure users of the meta_window_get_pid() API are aware of those issues and add a note to the documentation that the PID can not be totally trusted. https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1180
2024-11-21 15:40:41 -05:00 · 2020-04-06 20:14:12 +02:00 · 2020-04-06 20:14:12 +02:00 · b97a6e62a3
commit b97a6e62a3
parent 4fac1a4862
1 changed files with 3 additions and 0 deletions
--- a/src/core/window.c
+++ b/src/core/window.c
@ -7590,6 +7590,9 @@ meta_window_get_transient_for (MetaWindow *window)
 * Returns the pid of the process that created this window, if available
 * to the windowing system.
 *
+ * Note that the value returned by this is vulnerable to spoofing attacks
+ * by the client.
+ *
 * Return value: the pid, or 0 if not known.
 */
 pid_t