[libvirt] [PATCH 03/11] Include process start time when doing polkit checks
Eric Blake
eblake at redhat.com
Fri May 3 19:34:40 UTC 2013
On 05/02/2013 06:03 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> Since PIDs can be reused, polkit prefers to be given
> a (PID,start time) pair. If given a PID on its own,
> it will attempt to look up the start time in /proc/pid/stat,
> though this is subject to races.
>
> It is safer if the client app resolves the PID start
> time itself, because as long as the app has the client
> socket open, the client PID won't be reused.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> daemon/remote.c | 12 +++--
> src/libvirt_private.syms | 1 +
> src/locking/lock_daemon.c | 4 +-
> src/rpc/virnetserverclient.c | 28 +++++++++--
> src/rpc/virnetserverclient.h | 3 +-
> src/rpc/virnetsocket.c | 23 ++++++---
> src/rpc/virnetsocket.h | 3 +-
> src/util/viridentity.h | 1 +
> src/util/virprocess.c | 117 +++++++++++++++++++++++++++++++++++++++++++
> src/util/virprocess.h | 3 ++
> src/util/virstring.c | 11 ++++
> src/util/virstring.h | 2 +
> 12 files changed, 191 insertions(+), 17 deletions(-)
> +int virProcessGetStartTime(pid_t pid,
> + unsigned long long *timestamp)
> +{
> + char *filename = NULL;
> + char *buf = NULL;
> + char *tmp;
> + int ret = -1;
> + int len;
> + char **tokens = NULL;
> +
> + if (virAsprintf(&filename, "/proc/%llu/stat",
> + (unsigned long long)pid) < 0) {
> + virReportOOMError();
> + return -1;
> + }
> +
> + if ((len = virFileReadAll(filename, 1024, &buf)) < 0)
> + goto cleanup;
> +
> + /* start time is the token at index 19 after the '(process name)' entry - since only this
> + * field can contain the ')' character, search backwards for this to avoid malicious
> + * processes trying to fool us
> + */
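Review bot: virProcessGetStartTime() has no header comment, so the only description of what `*timestamp` receives is the inline note "token at index 19 after the '(process name)' entry". Suggest a doc comment above the function stating the return convention and that the value is the raw number read from /proc/<pid>/stat, meaningful only when compared for equality with another reading for the same PID. Two smaller points: the virAsprintf() failure path uses `return -1` while the virFileReadAll() failure path uses `goto cleanup`, and routing both through `cleanup` would keep the error handling uniform; and the first two lines of the block comment run past 80 columns and should be rewrapped.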
Talk about an arcane interface with the kernel. But the code looks
correct; and more importantly, it picks the same number as polkit picks
(since you copied polkit's code), no matter whether that number is a
timestamp or something else.
ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
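
The backwards search for ')' described in the quoted code comment, shown as an added example (not libvirt's or polkit's code) that parses one stat line both ways. `SAMPLE_STAT`, `field_at` and `start_time_from_stat` are hypothetical names, and the stat line is constructed for a process whose name contains ')' and spaces.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/<pid>/stat line for a process whose name is "a) S 1 1".
 * The real start time (token 19 after the name) is 8675309. */
static const char SAMPLE_STAT[] =
    "4242 (a) S 1 1) S 1 4242 4242 0 -1 4194304 100 0 0 0 5 3 0 0 39 19 "
    "1 0 8675309 1000000 200\n";

/* Parse the space-separated token at 0-based index idx, starting at p. */
static int field_at(const char *p, int idx, unsigned long long *out)
{
    char *end;

    while (idx-- > 0) {
        if (!(p = strchr(p, ' ')))
            return -1;              /* line ended before the wanted token */
        p++;
    }
    if (*p < '0' || *p > '9')
        return -1;                  /* not an unsigned decimal number */
    *out = strtoull(p, &end, 10);
    return (*end == ' ' || *end == '\n' || *end == '\0') ? 0 : -1;
}

/* search_backwards != 0: anchor on the last ')' (as the quoted comment says).
 * search_backwards == 0: anchor on the first ')' (naive, for comparison). */
int start_time_from_stat(const char *stat, int search_backwards,
                         unsigned long long *out)
{
    const char *close = search_backwards ? strrchr(stat, ')')
                                         : strchr(stat, ')');
    if (!close || close[1] != ' ')
        return -1;
    return field_at(close + 2, 19, out);
}

int main(void)
{
    unsigned long long t;

    if (start_time_from_stat(SAMPLE_STAT, 0, &t) == 0)
        printf("first ')': %llu\n", t);   /* a shifted, unrelated field */
    if (start_time_from_stat(SAMPLE_STAT, 1, &t) == 0)
        printf("last ')':  %llu\n", t);   /* the start time token */
    return 0;
}
```

Anchoring on the first ')' lets the process name shift every later field by three tokens, so the caller compares the wrong number; anchoring on the last ')' is immune because no field after the name can contain that character.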