core: Expect (and verify) a uid on "owner" option.
author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Sun, 5 Feb 2017 05:44:12 +0000 (00:44 -0500)
committer: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 19 Oct 2017 07:40:30 +0000 (03:40 -0400)
commit: 6aafa61b199ab9091d6c9e190129f2ead2a647c7
tree: 7527bb7c6235d6935309903b30841112d99155f2
parent: 1f5b351531205214e9513a0aed170660dc822ceb
core: Expect (and verify) a uid on "owner" option.

* pinentry/pinentry.h (struct pinentry): Add field 'owner_uid'.
* pinentry/pinentry.c (pinentry_reset): Handle this new field.
(get_pid_name_for_uid): New. Atomic check for the base process name
contingent on process ownership.
(pinentry_get_title): Only scan for full commandline if the process
actually belongs to the claimed uid.
(option_handler): Option "owner" now expects "pid/uid hostname".

--

This requires an update to gpg's use of the "owner" option to emit the
uid (which will follow shortly).  It is not as atomic as it should be.
In particular, there's a race condition between reading from
/proc/PID/status and reading from /proc/PID/cmdline, but it's a much
smaller race than there was previously.

Werner suggested using a / between pid/uid instead of whitespace.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
pinentry/pinentry.c
pinentry/pinentry.h
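An added illustration (not pinentry's own code) of the ownership check the commit describes: parse the "pid/uid hostname" form of the owner option, confirm the claimed uid against /proc/PID/status, and only then allow the cmdline read. Function names are hypothetical; the "Uid:" line of /proc/PID/status lists the real uid first.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Parse "PID/UID HOSTNAME"; the uid is mandatory. Returns 1 on success. */
int parse_owner(const char *opt, pid_t *pid, uid_t *uid)
{
    char *end;
    unsigned long v = strtoul(opt, &end, 10);
    if (end == opt || *end != '/')
        return 0;                       /* no uid after the pid: reject */
    *pid = (pid_t)v;
    const char *p = end + 1;
    v = strtoul(p, &end, 10);
    if (end == p || (*end != ' ' && *end != '\0'))
        return 0;
    *uid = (uid_t)v;
    return 1;
}

/* Real uid of PID as reported by /proc/PID/status, or -1 if unreadable. */
long uid_from_proc_status(pid_t pid)
{
    char path[64], line[256];
    long uid = -1;
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "Uid:", 4) == 0) {
            uid = strtol(line + 4, NULL, 10);   /* first field: real uid */
            break;
        }
    }
    fclose(f);
    return uid;
}

/* 1 only if the process really belongs to the claimed uid; the caller may
   then read /proc/PID/cmdline (the small status/cmdline window remains). */
int owner_verified(const char *opt)
{
    pid_t pid;
    uid_t uid;
    if (!parse_owner(opt, &pid, &uid))
        return 0;
    long real = uid_from_proc_status(pid);
    return real >= 0 && (uid_t)real == uid;
}
```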