[pulseaudio-discuss] Access control

Wim Taymans wim.taymans at gmail.com
Fri Jul 15 09:05:21 UTC 2016


Hi guys,

I'm having another look at the access control patches. I revived my old
patches and found some trouble with the async stuff that I fixed here:

  https://cgit.freedesktop.org/~wtay/pulseaudio/log/?h=access-hooks

There is also an example on how to start and complete an async access
check for starting a recording. I believe Ahmed Darwish is building on
top of that so it might be useful to get it working.

Now I'm taking a look at the info in pa_client that is available to decide
what access checks we need to do for each client.

Ideally we would need the pid of the process, which we can currently find
in the pa_proplist of the client. Unfortunately this pid is whatever the
client sends us in a proplist in the set_client_name command so we need
something more secure.

We do send the pid and gid with the SCM_CREDENTIALS ancillary data in
the AUTH command. Since the kernel checks things, we can be guaranteed
that when we get the credentials, they are correct.

What I would like to do is make these credentials available somewhere. I
would like to make a new key in the client proplist with the verified pid
from the credentials but the problem is that we then need to make sure that
a set_client_name command can't overwrite the value, which involves some
filtering of keys.

Alternatively we could make a new pa_client field to store the verified pid
and gid. Does this sound better or worse?

Wim