Skip to content

backend: Compare PolkitUnixProcess uids for temporary authorizations

Colin Walters requested to merge walters/polkit:uid-compare into master

It turns out that the combination of (pid, start time) is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1692

And the above original email report is included in full in a new comment.

Reported-by: Jann Horn jannh@google.com

Closes: #75 (closed)

Merge request reports

Loading