Hello Simon,

On Thu, Nov 28, 2024 at 12:14:07PM +0000, Simon McVittie wrote:
> This should be easily resolvable if the authors of tuned want to do so,
> without needing to resort to relying on hard-to-predict cookie values.
> Clients of the D-Bus system bus can identify other clients of the system
> bus, by calling the GetConnectionCredentials method on the message bus
> itself (this is how polkit works).
[...]
> (Behind the scenes, this is implemented by the message bus using
> SO_PEERCRED, SO_PEERSEC, etc. on each client connection, or the closest
> available equivalent of SO_PEERCRED on various non-Linux OSs.)

thanks for the hint! Relying on D-Bus and kernel features is surely the
cleanest way to implement this.

Cheers

Matthias

-- 
Matthias Gerstner <matthias.gerst...@suse.de>
Security Engineer
https://www.suse.com/security
GPG Key ID: 0x14C405C971923553

SUSE Software Solutions Germany GmbH
HRB 36809, AG Nürnberg
Managing Directors: Ivo Totev, Andrew McDonald, Werner Knoblich
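The kernel mechanism named in the quoted text (SO_PEERCRED), shown as an added example that is not code from tuned, D-Bus or either participant in this thread: a Linux-only sketch in which a service authorizes a Unix-socket peer by the uid the kernel recorded rather than by anything the client sends. The handler name, the allow list and the request text are hypothetical; a service on the system bus would get the same information by calling GetConnectionCredentials with the sender's unique bus name.

```python
import os
import socket
import struct
from typing import NamedTuple

# Linux struct ucred layout: pid_t pid; uid_t uid; gid_t gid
_UCRED = struct.Struct("iII")

class PeerCred(NamedTuple):
    pid: int
    uid: int
    gid: int

def peer_credentials(conn: socket.socket) -> PeerCred:
    """Return the kernel-recorded identity of the peer on an AF_UNIX socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return PeerCred(*_UCRED.unpack(raw))

def handle_request(conn: socket.socket, allowed_uids: set) -> bytes:
    """Hypothetical service handler: authorize on the kernel's answer only."""
    cred = peer_credentials(conn)
    request = conn.recv(256)
    if cred.uid not in allowed_uids:
        return b"DENIED uid=%d" % cred.uid
    return b"OK " + request

def demo(allowed_uids: set) -> bytes:
    """Run one request over a socketpair; both ends belong to this process."""
    service_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with service_end, client_end:
        # Constructed request: the identity claim in the payload is never consulted.
        client_end.sendall(b"i-am-uid=0 switch_profile")
        return handle_request(service_end, allowed_uids)

if __name__ == "__main__":
    me = os.geteuid()
    print(demo({me}))      # the caller's kernel-reported uid is on the allow list
    print(demo({me + 1}))  # the allow list names a different uid
```

The credentials are captured by the kernel when the socket pair is created (or, for a listening socket, at connect time), so a client cannot alter them by changing what it writes to the socket.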