Zeeshan Ali Khan authored
We have been using /proc/${PID}/cmdline for identifying apps, but that can be overwritten by the app itself very easily. Instead we look at what /proc/${PID}/exe is pointing to. The only way an app/agent can fool geoclue now is by overwriting the binary of a whitelisted agent or authorized app. We can make things a lot more secure by only allowing binaries to be in privileged directories (e.g. /usr/bin and /usr/libexec etc.) since then a random unprivileged binary can't just overwrite known binaries. However, this will break geoclue for developers (think jhbuild). Perhaps we should do this but provide an option in the conf file to either disable these checks or provide the whitelisted binary directories? Thanks to Lennart Poettering for advice.
764a7e4e
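The check the commit describes, written out as an added example (this is not geoclue's own code): resolve the `/proc/<pid>/exe` symlink, require that it lies under a directory only root can write to, and then compare it against a whitelist of full binary paths. The trusted directory list is the one the message names (`/usr/bin`, `/usr/libexec`); the whitelist entries, the function names and the `argv[1]` convenience are constructed for this example. The `" (deleted)"` suffix is rejected because the kernel appends it to the link target once the running executable has been unlinked or replaced on disk, which is exactly the case the message worries about.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Assumed policy: only directories an unprivileged user cannot write to.
 * These two are the ones named in the commit message. */
static const char *const TRUSTED_DIRS[] = { "/usr/bin/", "/usr/libexec/", NULL };

/* Resolve the /proc/<pid>/exe symlink into buf (NUL-terminated).
 * Returns 0 on success, -1 if the link cannot be read (no such pid,
 * no permission, or not running on Linux). Unlike cmdline, the target of
 * this link is maintained by the kernel, not by the process. */
int resolve_exe_path(pid_t pid, char *buf, size_t buflen)
{
    char link[64];
    ssize_t n;

    if (buflen < 2)
        return -1;
    snprintf(link, sizeof link, "/proc/%ld/exe", (long)pid);
    n = readlink(link, buf, buflen - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* Return 1 if path is absolute, canonical (no "." or ".." components) and
 * lies under one of TRUSTED_DIRS, 0 otherwise. A trailing " (deleted)"
 * means the on-disk binary is no longer the one that was executed. */
int path_in_trusted_dir(const char *path)
{
    size_t i;

    if (path == NULL || path[0] != '/')
        return 0;
    if (strstr(path, "/../") != NULL || strstr(path, "/./") != NULL)
        return 0;
    if (strstr(path, " (deleted)") != NULL)
        return 0;
    for (i = 0; TRUSTED_DIRS[i] != NULL; i++) {
        size_t len = strlen(TRUSTED_DIRS[i]);
        /* Trailing slash in TRUSTED_DIRS stops "/usr/binx/" from matching. */
        if (strncmp(path, TRUSTED_DIRS[i], len) == 0 && path[len] != '\0')
            return 1;
    }
    return 0;
}

/* Return 1 if exe_path exactly matches one whitelisted binary AND that
 * binary lives in a trusted directory; 0 otherwise. */
int exe_is_whitelisted(const char *exe_path, const char *const *whitelist)
{
    size_t i;

    if (!path_in_trusted_dir(exe_path))
        return 0;
    for (i = 0; whitelist[i] != NULL; i++)
        if (strcmp(exe_path, whitelist[i]) == 0)
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample whitelist; a real deployment reads it from config. */
    static const char *const whitelist[] = {
        "/usr/bin/example-agent", "/usr/libexec/example-app", NULL };
    char exe[4096];
    pid_t pid = argc > 1 ? (pid_t)atol(argv[1]) : getpid();

    if (resolve_exe_path(pid, exe, sizeof exe) != 0) {
        perror("readlink");
        return 1;
    }
    printf("pid %ld -> %s : %s\n", (long)pid, exe,
           exe_is_whitelisted(exe, whitelist) ? "authorized" : "denied");
    return 0;
}
```

Run it with no argument to classify the example itself, or pass a PID (as geoclue would obtain from the D-Bus peer credentials). Reading `/proc/<pid>/exe` of another user's process needs `CAP_SYS_PTRACE` or ptrace access, so a daemon doing this check must run with enough privilege or it will get `EACCES` and should treat that as a denial, not as a pass.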