Please read the (lengthy) discussion at [1]. [1]: https://gitlab.freedesktop.org/wayland/weston/-/issues/206 In particular, the "get_credentials → PID → executable path" lookup is racy. PID re-use allows a malicious process to be recognized as another executable.