Proxying Wayland for security
Jan Engelhardt
jengelh at inai.de
Wed Jul 28 11:07:29 UTC 2021
On Wednesday 2021-07-28 12:30, Carsten Haitzler wrote:
>
>> Please read the (lengthy) discussion at [1].
>>
>> [1]: https://gitlab.freedesktop.org/wayland/weston/-/issues/206
>>
>> In particular, the "get_credentials → PID → executable path" lookup is
>> racy. PID re-use allows a malicious process to be recognized as another
>> executable.
>
>That is true - but only at cusp points - e.g. PID has exited, but socket has
>not been detected as dead yet and PID was recycled. If you do the lookup then,
>it'd be a problem.
Only at cusp points? What if you pass the fd from P1 to P2 via the AF_LOCAL
peercred mechanism (thus keeping it alive), have P1 exit, then spawn P3 with a
PID suitable for the attack.
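To make the point concrete, here is an added example (not code from this thread, from Weston, or from either poster) that reproduces the first half of the scenario above on Linux: a socket is passed to another process with SCM_RIGHTS, its creator exits, and the socket's SO_PEERCRED pid then names a process that no longer exists. It assumes Linux, Python 3.9 or newer (for socket.send_fds/recv_fds), and the function names are mine.

```python
import os
import socket
import struct

UCRED_FMT = "3i"  # struct ucred { pid_t pid; uid_t uid; gid_t gid; } on Linux


def peer_credentials(sock):
    """Return (pid, uid, gid) the kernel recorded for the peer of an AF_UNIX socket.

    These are captured at connect()/socketpair() time: they describe the process
    that created the connection, not whoever happens to hold the fd now.
    """
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED_FMT))
    return struct.unpack(UCRED_FMT, raw)


def exe_path_for_pid(pid):
    """The naive "PID -> executable path" lookup the thread warns about."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None  # process gone (or, after reuse, an unrelated process)


def stale_peer_demo():
    """A child creates a socketpair (so SO_PEERCRED names the child), hands one
    end to the parent via SCM_RIGHTS and exits. The parent keeps a fully usable
    socket whose recorded peer pid no longer identifies anyone.
    Returns (child_pid, pid_from_peercred, exe_path_at_lookup_time)."""
    carrier, child_carrier = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    child = os.fork()
    if child == 0:  # child process
        carrier.close()
        a, _b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        socket.send_fds(child_carrier, [b"x"], [a.fileno()])  # keeps 'a' alive elsewhere
        os._exit(0)
    child_carrier.close()
    _, fds, _, _ = socket.recv_fds(carrier, 1, 1)
    held = socket.socket(fileno=fds[0])
    os.waitpid(child, 0)  # child reaped: its pid is now free to be recycled
    cred_pid, _uid, _gid = peer_credentials(held)
    path = exe_path_for_pid(cred_pid)
    carrier.close()
    held.close()
    return child, cred_pid, path


if __name__ == "__main__":
    print(stale_peer_demo())  # e.g. (12345, 12345, None)
```

A compositor that maps this pid to /proc/PID/exe gets nothing, or, once the pid has been reused, an unrelated binary; the pid is a snapshot of the creator, not a handle on the process that currently talks over the socket.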