isa/mutter
1
0
Fork 0
mirror of https://github.com/brl/mutter.git synced 2024-11-21 23:50:41 -05:00
Code Issues Packages Projects Releases Wiki Activity

window: Add a note about the trustworthiness of the client PID

Browse Source 
Since PIDs are inherently insecure because they are reused after a
certain amount of processes was started, it's possible the client PID
was spoofed by the client.

So make sure users of the meta_window_get_pid() API are aware of those
issues and add a note to the documentation that the PID can not be
totally trusted.

https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1180
This commit is contained in:
Jonas Dreßler 2020-04-06 20:14:12 +02:00 committed by Florian Müllner
parent 4fac1a4862
commit b97a6e62a3
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/core/window.c
View File

@ -7590,6 +7590,9 @@ meta_window_get_transient_for (MetaWindow *window)
* Returns the pid of the process that created this window, if available * Returns the pid of the process that created this window, if available
* to the windowing system. * to the windowing system.
* *
* Note that the value returned by this is vulnerable to spoofing attacks
* by the client.
*
* Return value: the pid, or 0 if not known. * Return value: the pid, or 0 if not known.
*/ */
pid_t pid_t