- commit
- c486ff3137e3b2f71806c3deb2d5f17c7af668a7
- parent
- b8204a6d85e93d71fa3806bdd3e6fe7f58b720f5
- Author
- Tobias Bengfort <tobias.bengfort@posteo.de>
- Date
- 2026-03-05 11:13
app_id: use pidfd to protect against data races see https://github.com/swaywm/sway/pull/3088#issuecomment-456078987 for examples of possible attacks
Diffstat
| M | xikeyring/app_id.py | 12 | ++++++++++-- |
| M | xikeyring/dbus.py | 11 | ++++++----- |
2 files changed, 16 insertions, 7 deletions
diff --git a/xikeyring/app_id.py b/xikeyring/app_id.py
@@ -1,13 +1,21 @@ 1 1 import configparser -1 2 import selectors 2 3 from pathlib import Path 3 4 4 55 -1 def get_app_id(pid: int) -> str:-1 6 def get_app_id(pid: int, pidfd: int) -> str: 6 7 path = Path('/proc') / str(pid) / 'root' / '.flatpak-info' 7 8 config = configparser.ConfigParser() 8 9 try: 9 10 with path.open() as fh: 10 11 config.read_file(fh)11 -1 return config['Application']['name']-1 12 app_id = config['Application']['name'] 12 13 except Exception: 13 14 return '' -1 15 -1 16 with selectors.DefaultSelector() as sel: -1 17 sel.register(pidfd, selectors.EVENT_READ) -1 18 if sel.select(0) != []: -1 19 raise ValueError('Calling process has quit') -1 20 -1 21 return app_id
diff --git a/xikeyring/dbus.py b/xikeyring/dbus.py
@@ -116,18 +116,19 @@ class BaseDBusService: 116 116 return True 117 117 118 118 def get_app_id(self, conn, sender) -> str:119 -1 pid = conn.call_sync(-1 119 (cred,), fds = conn.call_with_unix_fd_list_sync( 120 120 'org.freedesktop.DBus', 121 121 '/org/freedesktop/DBus', 122 122 'org.freedesktop.DBus',123 -1 'GetConnectionUnixProcessID',-1 123 'GetConnectionCredentials', 124 124 GLib.Variant('(s)', [sender]),125 -1 GLib.VariantType('(u)'),-1 125 GLib.VariantType('(a{sv})'), 126 126 Gio.DBusCallFlags.NONE, 127 127 -1, -1 128 Gio.UnixFDList(), 128 129 None,129 -1 )[0]130 -1 return get_app_id(pid)-1 130 ) -1 131 return get_app_id(cred['ProcessID'], fds.get(cred['ProcessFD'])) 131 132 132 133 133 134 class DBusService(BaseDBusService):