Re: [PATCH 03/11] Include process start time when doing polkit checks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 05/02/2013 06:03 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
> 
> Since PIDs can be reused, polkit prefers to be given
> a (PID,start time) pair. If given a PID on its own,
> it will attempt to lookup the start time in /proc/pid/stat,
> though this is subject to races.
> 
> It is safer if the client app resolves the PID start
> time itself, because as long as the app has the client
> socket open, the client PID won't be reused.
> 
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
>  daemon/remote.c              |  12 +++--
>  src/libvirt_private.syms     |   1 +
>  src/locking/lock_daemon.c    |   4 +-
>  src/rpc/virnetserverclient.c |  28 +++++++++--
>  src/rpc/virnetserverclient.h |   3 +-
>  src/rpc/virnetsocket.c       |  23 ++++++---
>  src/rpc/virnetsocket.h       |   3 +-
>  src/util/viridentity.h       |   1 +
>  src/util/virprocess.c        | 117 +++++++++++++++++++++++++++++++++++++++++++
>  src/util/virprocess.h        |   3 ++
>  src/util/virstring.c         |  11 ++++
>  src/util/virstring.h         |   2 +
>  12 files changed, 191 insertions(+), 17 deletions(-)

> +int virProcessGetStartTime(pid_t pid,
> +                           unsigned long long *timestamp)
> +{
> +    char *filename = NULL;
> +    char *buf = NULL;
> +    char *tmp;
> +    int ret = -1;
> +    int len;
> +    char **tokens = NULL;
> +
> +    if (virAsprintf(&filename, "/proc/%llu/stat",
> +                    (unsigned long long)pid) < 0) {
> +        virReportOOMError();
> +        return -1;
> +    }
> +
> +    if ((len = virFileReadAll(filename, 1024, &buf)) < 0)
> +        goto cleanup;
> +
> +    /* start time is the token at index 19 after the '(process name)' entry - since only this
> +     * field can contain the ')' character, search backwards for this to avoid malicious
> +     * processes trying to fool us
> +     */

Talk about an arcane interface with the kernel.  But the code looks
correct; and more importantly, it picks the same number as polkit picks
(since you copied polkit's code), no matter whether that number is a
timestamp or something else.

ACK.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]