[PINENTRY PATCH 2/3] core: Only scan for the command line if probably on the same host.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Feb 5 08:22:27 CET 2017
* pinentry/pinentry.c (pinentry_get_title): Check the current hostname
and make sure it matches. If it does not, do not bother looking for
the command line.
--
If we don't do this, and the agent is forwarded from somewhere else,
pinentry will be looking up arbitrary process command lines.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
pinentry/pinentry.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
index 8cf712d..d8d7a62 100644
--- a/pinentry/pinentry.c
+++ b/pinentry/pinentry.c
@@ -28,6 +28,7 @@
#include <string.h>
#include <unistd.h>
#include <assert.h>
+#include <sys/utsname.h>
#ifndef HAVE_W32CE_SYSTEM
# include <locale.h>
#endif
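Review bot: The new `#include <sys/utsname.h>` is unconditional, while the lines right after it guard `<locale.h>` with `HAVE_W32CE_SYSTEM`, which suggests this file is also built for Windows targets where that header and `uname()` are presumably unavailable. Consider placing the include, and the `uname` call added in `pinentry_get_title`, under whichever platform guard the project uses for those builds. On such targets `cmdline` would then stay `NULL` and the title would fall back to the PID/host form instead of breaking the build.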
@@ -438,19 +439,22 @@ pinentry_get_title (pinentry_t pe)
else if (pe->owner_pid)
{
char buf[200];
- char *cmdline = get_cmdline (pe->owner_pid);
+ struct utsname utsbuf;
+ char *cmdline = NULL;
+
+ if (pe->owner_host &&
+ !uname (&utsbuf) && utsbuf.nodename &&
+ !strcmp (utsbuf.nodename, pe->owner_host))
+ cmdline = get_cmdline (pe->owner_pid);
if (pe->owner_host && cmdline)
snprintf (buf, sizeof buf, "[%lu]@%s (%s)",
pe->owner_pid, pe->owner_host, cmdline);
- else if (cmdline)
- snprintf (buf, sizeof buf, "[%lu] (%s)",
- pe->owner_pid, cmdline);
else if (pe->owner_host)
snprintf (buf, sizeof buf, "[%lu]@%s",
pe->owner_pid, pe->owner_host);
else
- snprintf (buf, sizeof buf, "[%lu]",
+ snprintf (buf, sizeof buf, "[%lu] <unknown host>",
pe->owner_pid);
buf[sizeof buf - 1] = 0;
free (cmdline);
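Review bot: The hostname comparison in the new `if` is a heuristic, not proof that the requester is local. `pe->owner_host` appears to be reported by the requesting side, so a remote machine whose node name equals the local one (default names are common) would still have a local process's command line shown in the title. That limit deserves a comment above the check, e.g. `/* Heuristic only: owner_host is peer-reported; equal node names do not prove the PID is local. */`. Separately, `utsbuf.nodename` is an array member of `struct utsname`, so the `utsbuf.nodename &&` term is always true and can be dropped, leaving `!uname (&utsbuf) && !strcmp (utsbuf.nodename, pe->owner_host))`. The body of `pinentry_get_title` starts and ends outside this hunk.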
--
2.11.0