On Wednesday 2021-07-28 12:30, Carsten Haitzler wrote:
>
>> Please read the (lengthy) discussion at [1].
>>
>> [1]: https://gitlab.freedesktop.org/wayland/weston/-/issues/206
>>
>> In particular, the "get_credentials → PID → executable path" lookup is
>> racy. PID re-use allows a malicious process to be recognized as another
>> executable.
>
> That is true - but only at cusp points - e.g. PID has exited, but socket has
> not been detected as dead yet and PID was recycled. If you do the lookup then,
> it'd be a problem.
Only at cusp points? What if you pass the fd from P1 to P2 via the AF_LOCAL
peercred mechanism (thus keeping it alive), have P1 exit, then spawn P3 with a
PID suitable for the attack.
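Added illustration (not code from this thread or from weston, Python on Linux): the server side of exactly the situation described above. P1 connects to a listening AF_UNIX socket, hands the connection to P2 (by fork/inheritance, which has the same effect as passing the fd with SCM_RIGHTS) and exits. The listener then reads SO_PEERCRED on the accepted socket, reaps P1, and checks what the "PID → /proc/<pid>/exe" step would see. The socket path and the function names are constructed for the example; it deliberately stops at the stale-PID window and does not spawn a process with a chosen PID.

```python
import os
import socket
import struct
import tempfile


def peer_pid(sock):
    """PID the kernel recorded for the peer of a connected AF_UNIX socket.

    SO_PEERCRED yields struct ucred {pid_t pid; uid_t uid; gid_t gid;}. Linux
    fills it in once, when connect() happens, and never updates it afterwards.
    """
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    pid, _uid, _gid = struct.unpack("3i", raw)
    return pid


def executable_for_pid(pid):
    """The naive 'PID -> executable path' step: readlink /proc/<pid>/exe, None if gone."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None


def demo_stale_peercred():
    """Observe: P1 connects, the fd survives in P2, P1 exits, the PID goes stale.

    Returns a dict of observations so the behaviour can be asserted on, not just printed.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "compositor.sock")  # constructed, stands in for the Wayland socket
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(path)
        listener.listen(1)

        p1 = os.fork()
        if p1 == 0:
            # P1: the process the server will try to "identify". Connect, hand the
            # connection to P2, then exit while the connection is still open.
            client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            client.connect(path)
            if os.fork() == 0:
                client.recv(1)  # P2: hold the fd open until the server pokes us
                os._exit(0)
            os._exit(0)  # P1 exits; its PID is now free for reuse

        conn, _ = listener.accept()
        reported = peer_pid(conn)  # always P1's PID: recorded at connect() time
        os.waitpid(p1, 0)  # P1 reaped; /proc/<p1> is gone

        try:
            os.kill(reported, 0)  # signal 0: existence check only
            pid_live = True
        except ProcessLookupError:
            pid_live = False  # a recycled PID would instead show up as live
        except PermissionError:
            pid_live = True  # exists, but belongs to another user

        result = {
            "p1_pid": p1,
            "peer_pid": reported,
            "exe_after_exit": executable_for_pid(reported),
            "pid_live_after_exit": pid_live,
            # P2 still holds the other end, so the server sees no EOF and no EPIPE.
            "connection_alive": conn.send(b"x") == 1,
        }
        conn.close()
        listener.close()
        return result


if __name__ == "__main__":
    for key, value in demo_stale_peercred().items():
        print(f"{key}: {value}")
```

The point for a compositor: the PID in SO_PEERCRED is a snapshot of whoever called connect(), while the connection itself can live on in any process that holds the fd, so anything derived from that PID after the fact (including the executable path) describes a process that may no longer exist.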