man: document that sd_bus_creds_get_exec() is not suitable for security decisions
Fixes: #12704
This commit is contained in:
parent
eedaf7f322
commit
e5134f00f8
|
@ -325,12 +325,14 @@
|
||||||
<filename>/proc/<replaceable>pid</replaceable>/task/<replaceable>tid</replaceable>/comm</filename>).
|
<filename>/proc/<replaceable>pid</replaceable>/task/<replaceable>tid</replaceable>/comm</filename>).
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para><function>sd_bus_creds_get_exe()</function> will retrieve
|
<para><function>sd_bus_creds_get_exe()</function> will retrieve the path to the program executable (as
|
||||||
the path to the program executable (as stored in the
|
stored in the <filename>/proc/<replaceable>pid</replaceable>/exe</filename> link, but with the <literal>
|
||||||
<filename>/proc/<replaceable>pid</replaceable>/exe</filename>
|
(deleted)</literal> suffix removed). Note that kernel threads do not have an executable path, in which
|
||||||
link, but with the <literal> (deleted)</literal> suffix removed). Note
|
case -ENXIO is returned. Note that this property should not be used for more than explanatory
|
||||||
that kernel threads do not have an executable path, in which case
|
information, in particular it should not be used for security-relevant decisions. That's because the
|
||||||
-ENXIO is returned.</para>
|
executable might have been replaced or removed by the time the value can be processed. Moreover, the
|
||||||
|
kernel exports this information in an ambiguous way (i.e. a deleted executable cannot be safely
|
||||||
|
distinguished from one whose name suffix is <literal> (deleted)</literal>.</para>
|
||||||
|
|
||||||
<para><function>sd_bus_creds_get_cmdline()</function> will
|
<para><function>sd_bus_creds_get_cmdline()</function> will
|
||||||
retrieve an array of command line arguments (as stored in
|
retrieve an array of command line arguments (as stored in
|
||||||
|
|
Loading…
Reference in New Issue