On 05/02/2013 06:03 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Since PIDs can be reused, polkit prefers to be given
a (PID,start time) pair. If given a PID on its own,
it will attempt to look up the start time in /proc/pid/stat,
though this is subject to races.
It is safer if the client app resolves the PID start
time itself, because as long as the app has the client
socket open, the client PID won't be reused.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
daemon/remote.c | 12 +++--
src/libvirt_private.syms | 1 +
src/locking/lock_daemon.c | 4 +-
src/rpc/virnetserverclient.c | 28 +++++++++--
src/rpc/virnetserverclient.h | 3 +-
src/rpc/virnetsocket.c | 23 ++++++---
src/rpc/virnetsocket.h | 3 +-
src/util/viridentity.h | 1 +
src/util/virprocess.c | 117 +++++++++++++++++++++++++++++++++++++++++++
src/util/virprocess.h | 3 ++
src/util/virstring.c | 11 ++++
src/util/virstring.h | 2 +
12 files changed, 191 insertions(+), 17 deletions(-)
+int virProcessGetStartTime(pid_t pid,
+ unsigned long long *timestamp)
+{
+ char *filename = NULL;
+ char *buf = NULL;
+ char *tmp;
+ int ret = -1;
+ int len;
+ char **tokens = NULL;
+
+ if (virAsprintf(&filename, "/proc/%llu/stat",
+ (unsigned long long)pid) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+
+ if ((len = virFileReadAll(filename, 1024, &buf)) < 0)
+ goto cleanup;
+
+ /* start time is the token at index 19 after the '(process name)' entry -
since only this
+ * field can contain the ')' character, search backwards for this to avoid
malicious
+ * processes trying to fool us
+ */
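Review bot: virProcessGetStartTime is introduced without an API comment, and the out-parameter name "timestamp" suggests wall-clock time. Per proc(5) the starttime field is a count of clock ticks since boot, so a comment above the function should state the unit and say that the value is an opaque token to be paired with the PID, not a time to be interpreted. It should also record the precondition from the commit message: the caller must still hold the client socket open when it calls this, otherwise the read of /proc/PID/stat has the same reuse race the patch is trying to remove. Separately, the virAsprintf failure path uses "return -1" while the virFileReadAll failure uses "goto cleanup"; nothing is allocated at that point so it is harmless, but sending both through cleanup keeps the error paths uniform.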
Talk about an arcane interface with the kernel. But the code looks
correct; and more importantly, it picks the same number as polkit picks
(since you copied polkit's code), no matter whether that number is a
timestamp or something else.
ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
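The backwards search for ')' described in the patch comment, as an added example that is not libvirt's or polkit's code: it parses the start-time field from two constructed stat lines, one of them from a process whose name contains ") ", and keeps a first-')' variant for contrast. The function names and sample lines are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define STARTTIME_INDEX 19  /* tokens after the "(comm)" entry, state = index 0 */
/* Constructed /proc/<pid>/stat lines, not captured from a real host. */
static const char *benign_stat =
    "4242 (sshd) S 1 4242 4242 0 -1 4194560 100 0 0 0 1 2 0 0 20 0 1 0 987654 12345678 321";
/* Same layout, but the process named itself "a) R 1 1" to shift the fields. */
static const char *hostile_stat =
    "4243 (a) R 1 1) S 1 4243 4243 0 -1 4194560 100 0 0 0 1 2 0 0 20 0 1 0 555555 12345678 321";

/* Read token STARTTIME_INDEX counting from 'p', which points just past a ')'. */
static int token_after_comm(const char *p, unsigned long long *out)
{
    char *end;
    int i;
    for (i = 0; i <= STARTTIME_INDEX; i++) {
        while (*p == ' ')
            p++;
        if (*p == '\0')
            return -1;              /* line too short */
        if (i == STARTTIME_INDEX)
            break;
        while (*p != ' ' && *p != '\0')
            p++;                    /* skip this token */
    }
    if (*p < '0' || *p > '9')
        return -1;                  /* strtoull would accept '-' or '+' */
    errno = 0;
    *out = strtoull(p, &end, 10);
    if (errno != 0 || (*end != ' ' && *end != '\n' && *end != '\0'))
        return -1;
    return 0;
}

/* Safe: comm is the only field that can hold ')', so the last ')' ends it. */
int start_time_last_paren(const char *stat, unsigned long long *out)
{
    const char *p = strrchr(stat, ')');
    return p ? token_after_comm(p + 1, out) : -1;
}

/* Naive, for contrast: stops at the first ')', which the process controls. */
int start_time_first_paren(const char *stat, unsigned long long *out)
{
    const char *p = strchr(stat, ')');
    return p ? token_after_comm(p + 1, out) : -1;
}
```

On the hostile line the first-')' variant succeeds and returns 0 instead of 555555, which is why a parse that merely "works" on ordinary process names is not evidence that it is safe.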