
Use PID FD if available from SO_PEERPIDFD, and return it via GetConnectionCredentials()

Luca Boccassi requested to merge bluca/dbus:pidfd into master

Requires !399 (merged), and a kernel release where SO_PEERPIDFD is part of the stable API (v6.5).


This wires up support for PID FDs on Linux, which allow pinning a process by file descriptor. PIDs can be reused, and attackers can thus impersonate other processes. The new SO_PEERPIDFD socket option lets us get an FD that we know for sure pins the original process, so we return it as ProcessFD in GetConnectionCredentials() so that clients can use it as well. If the new call is not available, pin the process manually by PID, so that we can still improve the situation a little by resolving the PID on the fly for internal usage, but in this case avoid returning the FD to clients, as it's not deemed safe enough.

I will open a PR on polkit to use this interface.

Edited by Luca Boccassi
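
The lookup order laid out in the description, sketched in C as an added example (not code from this merge request or from dbus): try SO_PEERPIDFD first, fall back to SO_PEERCRED plus pidfd_open(), and record which path produced the FD so only the kernel-provided one is shared. The names `peer_pin`, `peer_cred`, `pin_peer` and `pin_is_shareable` are hypothetical, and the fallback value 77 for SO_PEERPIDFD is the asm-generic constant, assumed for builds against older headers.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SO_PEERPIDFD
#define SO_PEERPIDFD 77 /* assumption: asm-generic value, for older headers */
#endif

/* Same layout as Linux struct ucred; declared locally (hypothetical name)
 * so the example does not depend on feature-test macro ordering. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

enum pin_source { PIN_NONE = 0, PIN_KERNEL = 1, PIN_BY_PID = 2 };
struct peer_pin { int fd; enum pin_source src; };

/* Only an FD the kernel attached to the connection goes back to clients. */
int pin_is_shareable(const struct peer_pin *p) { return p->fd >= 0 && p->src == PIN_KERNEL; }

struct peer_pin pin_peer(int sock)
{
    struct peer_pin pin = { -1, PIN_NONE };
    struct peer_cred cred;
    int fd = -1;
    socklen_t len = sizeof fd;
    /* Preferred path: the kernel hands back a pidfd for the socket's peer. */
    if (getsockopt(sock, SOL_SOCKET, SO_PEERPIDFD, &fd, &len) == 0 && fd >= 0) {
        pin.fd = fd; pin.src = PIN_KERNEL;
        return pin;
    }
    /* Fallback: read the numeric PID, then open a pidfd for it. The PID can
     * be recycled between these two steps, so keep this FD internal. */
    len = sizeof cred;
    if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 || cred.pid <= 0)
        return pin;
#ifdef SYS_pidfd_open
    fd = (int) syscall(SYS_pidfd_open, cred.pid, 0);
    if (fd >= 0) { pin.fd = fd; pin.src = PIN_BY_PID; }
#endif
    return pin;
}

int main(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    struct peer_pin p = pin_peer(sv[0]);
    printf("fd=%d source=%d shareable=%d\n", p.fd, p.src, pin_is_shareable(&p));
    return 0;
}
```

On a kernel without SO_PEERPIDFD the result reports `PIN_BY_PID` (or `PIN_NONE` if pidfd_open() is also unavailable), and `pin_is_shareable()` returns 0 in both cases.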
