[wayland] Fix sha check of filtered applications
ClosedPublic

Authored by davidedmundson on Wed, Nov 6, 11:20 AM.

Details

Summary

We have a sha check rather than just readlink as an app in a mount
namespace could have an executable with the same path as an exectuable
on the host system that we trust.

This became overly complicated to solve an issue that didn't exist.
sha(/proc/PID/exe) does resolve to what is currently running even if
sha(readlink(/proc/PID/exe) does not as /proc is magic.

This patch compares the root file system as kwin sees it to the running
exe.

See later comments on D22571

Diff Detail

Repository
R108 KWin
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
davidedmundson created this revision.Wed, Nov 6, 11:20 AM
Restricted Application added a project: KWin. · View Herald TranscriptWed, Nov 6, 11:20 AM
Restricted Application added a subscriber: kwin. · View Herald Transcript
davidedmundson requested review of this revision.Wed, Nov 6, 11:20 AM
fvogt accepted this revision.Wed, Nov 6, 12:18 PM

This way the code does what it's supposed to (even though it's flawed), so definitely an improvement.

This revision is now accepted and ready to land.Wed, Nov 6, 12:18 PM
This revision was automatically updated to reflect the committed changes.