backend: Compare PolkitUnixProcess uids for temporary authorizations (!19) · Merge requests · polkit / polkit

Colin Walters requested to merge walters/polkit:uid-compare into master Jan 08, 2019

It turns out that the combination of (pid, start time) is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1692

And the above original email report is included in full in a new comment.

Reported-by: Jann Horn jannh@google.com

Closes: #75 (closed)

backend: Compare PolkitUnixProcess uids for temporary authorizations

Merge request reports