Luca Boccassi authored
The new socket option SO_PEERPIDFD allows pinning the process on the other side of the socket by file descriptor, which closes a race condition where a PID can be reused before we can pin it manually. Available since Linux v6.5.

When storing credentials, pin the process by FD from the PID. When querying the PID, if the PID FD is available, resolve it from there first if possible.

Ensure the DBusCredentials object only returns the PID FD if it was obtained by this call, so that we know for sure we can rely on it being safe against PID reuse attacks.

Signed-off-by: Luca Boccassi <bluca@debian.org>
80d523dc