
Draft: add wl_client_get_pidfd and wl_client_get_user_data/wl_client_set_user_data

Sebastian Wick requested to merge swick/wayland:pidfd into main

The PID returned from wl_client_get_credentials is not suitable for authenticating a client. A reuse attack [1] can trick the compositor into inspecting the wrong process. If the wrong process has more privileges, the attacker will attain those privileges. The pidfd is queried from connected clients with getsockopt's SO_PEERPIDFD option, similar to SO_PEERCRED. To detect PID reuse, one uses the PID to probe the process (for example using /proc/$PID/...) and then checks if the process represented by the pidfd has been recycled by sending a signal [2].

It also adds user data to wl_client for a convenient way to store queried properties.

Draft because this depends on some kernel patches.

kernel: https://github.com/swick/linux/tree/sopeerpidfd

testing: https://github.com/swick/peerpidfd

weston: weston!715

Also see: weston#206

Edited by Sebastian Wick
