authorColin Walters <walters@verbum.org>2013-08-21 17:15:39 -0400
committerMarc-André Lureau <marcandre.lureau@redhat.com>2013-09-18 17:30:05 +0200
commitcf8fb0bfadbb047a93fa42b04ca53c402ad94986 (patch)
tree9bb951e3e49b9f24126cae67283313a7533663a0
parent085d9a786d3656d7ebfb7aed199d8fe0aedf5f2c (diff)
acl helper: Use ruid of invoker rather than looking up euid in /proc
This way we avoid a race condition if the parent execve()s a setuid program (possibly this program). This is the same as the fix for pkexec which is CVE-2011-1485: See: https://bugzilla.redhat.com/show_bug.cgi?id=692922
-rw-r--r--gtk/spice-client-glib-usb-acl-helper.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/gtk/spice-client-glib-usb-acl-helper.c b/gtk/spice-client-glib-usb-acl-helper.c
index 93b9b3a..3ed6cad 100644
--- a/gtk/spice-client-glib-usb-acl-helper.c
+++ b/gtk/spice-client-glib-usb-acl-helper.c
@@ -348,7 +348,8 @@ int main(void)
FATAL_ERROR("Parent process was reaped by init(1)\n");
return 1;
}
- subject = polkit_unix_process_new(parent_pid);
+ /* Do what pkexec does */
+ subject = polkit_unix_process_new_for_owner(parent_pid, 0, getuid ());
stdin_unix_stream = g_unix_input_stream_new(STDIN_FILENO, 0);
stdin_stream = g_data_input_stream_new(stdin_unix_stream);
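Review bot: The comment `/* Do what pkexec does */` above the new `polkit_unix_process_new_for_owner()` call does not record why the uid is passed explicitly or what the `0` argument means, and that is the security-relevant part of this line. I would replace it with `/* Pass the invoker's real uid ourselves: letting polkit read the parent's uid from /proc races with the parent exec'ing a setuid program. start_time 0 = polkit looks it up. */` so a later cleanup does not fall back to `polkit_unix_process_new()`. The subject is still keyed on `parent_pid`, which is obtained before the hunk, and per the polkit API documentation a `start_time` of 0 is looked up by polkit rather than supplied by the caller. A parent that exits between those two points could therefore presumably leave the pid referring to a different process, so it is worth confirming that the authorization check fails closed in that case. `main` starts and ends outside the hunk.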