On Wednesday, March 9th, 2022 at 11:24, Christian König ckoenig.leichtzumerken@gmail.com wrote:
Am 09.03.22 um 11:10 schrieb Simon Ser:
On Wednesday, March 9th, 2022 at 10:56, Pierre-Eric Pelloux-Prayer pierre-eric.pelloux-prayer@amd.com wrote:
Would it be possible to include the app parameters as well?
Can all processes read sysfs events?
No, but application parameters are usually not secret.
It's a bad practice, yes. But people still do it.
There might be security implications here. The app parameters might contain sensitive information, like passwords or tokens.
It's a well known security vulnerably to provide password etc.. as application parameter since everybody can read them through procfs.
I was thinking mostly about Flatpak apps here. Flatpak apps are running in a process namespace so they can't query the CLI parameters of PIDs outside of the namespace. But they might still receive sysfs uevents.