[wayland] Fix sha check of filtered applications
Closed Public

Authored by davidedmundson on Nov 6 2019, 11:20 AM.

Details

Summary

We have a sha check rather than just readlink as an app in a mount
namespace could have an executable with the same path as an executable
on the host system that we trust.

This became overly complicated to solve an issue that didn't exist.
sha(/proc/PID/exe) does resolve to what is currently running even if
sha(readlink(/proc/PID/exe)) does not as /proc is magic.

This patch compares the root file system as kwin sees it to the running
exe.

See later comments on D22571
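The comparison described in the summary, as an added Python sketch; it is not code from this revision or from KWin, which is C++. `is_trusted_origin`, `running_exe_matches` and `trusted_paths` are hypothetical names, and the allow-list is an assumed policy input.

```python
import hashlib
import os


def sha256_file(path):
    """Return the SHA-256 hex digest of the file at path, or None if unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def running_exe_matches(proc_exe, host_path):
    """True only if the running image and the host file at host_path hash equal.

    proc_exe  -- /proc/PID/exe; opening it yields the image actually running,
                 whatever mount namespace the process lives in.
    host_path -- a path string, resolved here in the checker's own root.
    """
    running = sha256_file(proc_exe)
    on_host = sha256_file(host_path)
    # Fail closed: an unreadable side never counts as a match.
    return running is not None and running == on_host


def is_trusted_origin(pid, trusted_paths):
    """Hypothetical policy: the path must be allow-listed AND the bytes must match."""
    proc_exe = f"/proc/{pid}/exe"
    try:
        claimed = os.readlink(proc_exe)  # only a path string, not the file itself
    except OSError:
        return False
    # An unlinked or replaced binary reads back as "<path> (deleted)" and is
    # rejected by the allow-list lookup.
    if claimed not in trusted_paths:
        return False
    return running_exe_matches(proc_exe, claimed)
```

A path match alone is not enough here: a sandboxed client can run different bytes under an allow-listed path, and only the hash of `/proc/PID/exe` itself reflects what is executing.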

Diff Detail

Repository
R108 KWin
Branch
master
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 18531
Build 18549: arc lint + arc unit
davidedmundson created this revision. Nov 6 2019, 11:20 AM
Restricted Application added a project: KWin. Nov 6 2019, 11:20 AM
Restricted Application added a subscriber: kwin.
davidedmundson requested review of this revision. Nov 6 2019, 11:20 AM
fvogt accepted this revision. Nov 6 2019, 12:18 PM

This way the code does what it's supposed to (even though it's flawed), so definitely an improvement.

This revision is now accepted and ready to land. Nov 6 2019, 12:18 PM
This revision was automatically updated to reflect the committed changes.