Hi guys, I'm having another look at the access control patches. I revived my old patches and found some trouble with the async stuff that I fixed here: https://cgit.freedesktop.org/~wtay/pulseaudio/log/?h=access-hooks There is also an example on how to start and complete an async access check for starting a recording. I believe Ahmed Darwish is building on top of that so it might be useful to get it working. Now I'm taking a look at the info in pa_client that is available to decide what access checks we need to do for each client. Ideally we would need the pid of the process with we can currently find in the pa_proplist of the client. Unfortunately this pid is whatever the client sends us in a proplist in the set_client_name command so we need something more secure. We do send the pid and gid with the SCM_CREDENTIALS ancillary data in the AUTH command. Since the kernel checks things, we can be guaranteed that when we get the credentials, they are correct. What I would like to do is make these credentials available somewhere. I would like to make a new key in the client proplist with the verified pid from the credentials but the problem is that we then need to make sure that a set_client_name command can't overwrite the value, which involves some filtering or keys. Alternatively we could make a new pa_client field to store the verified pid and gid.. Does this sound better or worse? Wim -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.freedesktop.org/archives/pulseaudio-discuss/attachments/20160715/a6bba14a/attachment-0001.html>
