[patch] get pid of peer

David Zeuthen david at fubar.dk
Thu Jul 15 10:40:51 PDT 2004


On Wed, 2004-07-14 at 21:53 -0400, Havoc Pennington wrote:
> On Tue, 2004-07-13 at 18:57, David Zeuthen wrote:
> >  <policy image="/usr/libexec/gnome-vfs-daemon">
> >    <!-- grant something here -->
> >  </policy>
> 
> SELinux may overlap with this, but I'm not sure in what ways.
> 

Right. As I noted earlier this is pretty difficult to do on Linux
without SELinux. Sigh. It would be nice though; I assume you don't want
any crude hacks for solving this on non-SELinux systems? :-)

However, a new patch is applied.

> >  - not all platforms easily support this; it kind of requires passing
> >    credentials on the socket for authentication.
> 
> I would suggest:
>  - add an error for PROCESS_ID_UNKNOWN rather than just using FAILED
>  - if there's no sensible process ID on Windows, or maybe even if 
>    there is (and it's effectively a different semantic),
>    should call it GetUnixProcessID()

Ok, I did both of these.

> >  - I'm not sure at all I'm doing the right thing in the function
> >    dbus-auth.c:handle_server_data_external_mech()
> 
> I expect the code would be much clearer if
> authorized_identity/desired_identity were just dbus_uid_t rather than
> the struct. Since e.g. we don't want to read the gid here, we want to
> look up the gid based on the uid.
> 
> I would say also we want to fill in the pid always when it's available,
> regardless of authentication method used.
> 

We only set the pid now.

> In the test code, it wouldn't hurt to verify that the PID in fact has
> the right value, if there's some reasonable way to do so.
> 

Uhmm, OK, I've added a lame test that checks if the returned value is
our own pid. Also, one @todo saying we could fork and test against the
parent's pid. Btw, FWIW, I've tested this on my own, see [1].

> In connection_get_process_id(), maybe a better default initialization is
> DBUS_PID_UNSET or whatever it's called instead of INT_MAX. (Though I
> think PID_UNSET probably is the same as UINT_MAX)?
> 

I did this as well.

Cheers,
David

[1] : With the tiny python program in [2] and HAL and hal-device-manager
connected to the system bus we get the expected

[david at laptop david]$ ./test_get_pid.py
Connection :1.7: (owner, user, pid) = (:1.7, 500, 26165)
Connection :1.3: (owner, user, pid) = (:1.3, 0, 26049)
Connection :1.8: (owner, user, pid) = (:1.8, 500, 26166)
Connection org.freedesktop.Hal: (owner, user, pid) = (:1.3, 0, 26049)

[david at laptop david]$ ps aux|grep hald
root     26049  1.4  1.7  5856 3260 tty1     S+   19:20   0:01 ./hald --daemon=no

[david at laptop david]$ ps aux|grep hal-device-manager
david    26165  3.4  8.0 27240 15416 pts/4   S+   19:22   0:01 /usr/bin/python /usr/local/bin/hal-device-manager


[2] :
#!/usr/bin/python
 
import dbus
 
bus = dbus.Bus(dbus.Bus.TYPE_SYSTEM)
dbus_service = bus.get_service('org.freedesktop.DBus')
dbus_object = dbus_service.get_object('/org/freedesktop/DBus',
                                       'org.freedesktop.DBus')
services = dbus_object.ListServices()
for i in services:
    owner = dbus_object.GetServiceOwner(i)
    user = dbus_object.GetConnectionUnixUser(i)
    pid = dbus_object.GetConnectionUnixProcessID(i)
    print "Connection %s: (owner, user, pid) = (%s, %s, %s)"%(i, owner, user, pid)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-get-process-id-2.patch
Type: text/x-patch
Size: 17368 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/dbus/attachments/20040715/a1a68d7f/dbus-get-process-id-2-0001.bin