Address review: Use more secure fdinfo for parsing senders PID, if possible.

msirringhaus · msirringhaus · commit 279a5a23f8a1 · 2025-11-18T09:47:21.000+01:00
diff --git a/credentialsd/src/dbus/gateway.rs b/credentialsd/src/dbus/gateway.rs
@@ -14,13 +14,19 @@ use credentialsd_common::{
     },
 };
 use tokio::sync::Mutex as AsyncMutex;
-use zbus::{fdo, interface, message::Header, Connection, DBusError};
+use zbus::{
+    fdo, interface,
+    message::Header,
+    names::{BusName, UniqueName},
+    Connection, DBusError,
+};
 
 use crate::dbus::{
     create_credential_request_try_into_ctap2, create_credential_response_try_from_ctap2,
     get_credential_request_try_into_ctap2, get_credential_response_try_from_ctap2,
     CredentialRequestController,
 };
+use std::os::fd::AsRawFd;
 
 pub const SERVICE_NAME: &str = "xyz.iinuwa.credentialsd.Credentials";
 pub const SERVICE_PATH: &str = "/xyz/iinuwa/credentialsd/Credentials";
@@ -47,16 +53,73 @@ struct CredentialGateway<C: CredentialRequestController> {
     controller: Arc<AsyncMutex<C>>,
 }
 
-async fn query_connection_peer_binary(
-    header: Header<'_>,
+async fn query_peer_pid_via_fdinfo(
     connection: &Connection,
-) -> Option<RequestingApplication> {
-    // 1. Get the sender's unique bus name
-    let sender_unique_name = header.sender()?;
+    sender_unique_name: &UniqueName<'_>,
+) -> Option<u32> {
+    let dbus_proxy = match zbus::fdo::DBusProxy::new(connection).await {
+        Ok(p) => p,
+        Err(e) => {
+            tracing::error!("Failed to establish DBus proxy to query peer info: {e:?}");
+            return None;
+        }
+    };
 
-    tracing::debug!("Received request from sender: {}", sender_unique_name);
+    let peer_credentials = match dbus_proxy
+        .get_connection_credentials(BusName::from(sender_unique_name.to_owned()))
+        .await
+    {
+        Ok(c) => c,
+        Err(e) => {
+            tracing::error!("Failed to get peer credentials: {e:?}");
+            return None;
+        }
+    };
+
+    let pidfd = match peer_credentials.process_fd() {
+        Some(p) => p.as_raw_fd(),
+        None => {
+            tracing::error!("Failed to get process fd from peer credentials");
+            return None;
+        }
+    };
+
+    let fdinfo_str = match std::fs::read_to_string(format!("/proc/self/fdinfo/{pidfd}")) {
+        Ok(fdinfo) => fdinfo,
+        Err(e) => {
+            tracing::error!("Failed to read fdinfo from procfs: {e}");
+            return None;
+        }
+    };
 
-    // 2. Use the connection to query the D-Bus daemon for more info
+    // Find the line that starts with "Pid:"
+    let pid_line = match fdinfo_str.lines().find(|line| line.starts_with("Pid:")) {
+        Some(line) => line,
+        None => {
+            tracing::error!("Failed to read PID from fdinfo");
+            return None;
+        }
+    };
+
+    let pid_str = pid_line[4..].trim();
+
+    // std::process::id() also returns u32
+    let pid: u32 = match pid_str.parse() {
+        Ok(id) => id,
+        Err(e) => {
+            tracing::error!("Failed to parse PID from fdinfo entry: {e}");
+            return None;
+        }
+    };
+
+    Some(pid)
+}
+
+async fn query_peer_pid_via_dbus(
+    connection: &Connection,
+    sender_unique_name: &UniqueName<'_>,
+) -> Option<u32> {
+    // Use the connection to query the D-Bus daemon for more info
     let proxy = match zbus::Proxy::new(
         connection,
         "org.freedesktop.DBus",
@@ -72,7 +135,7 @@ async fn query_connection_peer_binary(
         }
     };
 
-    // 3. Get the Process ID (PID) of the peer
+    // Get the Process ID (PID) of the peer
     let pid_result = match proxy
         .call_method("GetConnectionUnixProcessID", &(sender_unique_name))
         .await
@@ -90,8 +153,33 @@ async fn query_connection_peer_binary(
             return None;
         }
     };
+    Some(pid)
+}
+
+async fn query_connection_peer_binary(
+    header: Header<'_>,
+    connection: &Connection,
+) -> Option<RequestingApplication> {
+    // Get the sender's unique bus name
+    let sender_unique_name = header.sender()?;
+
+    tracing::debug!("Received request from sender: {}", sender_unique_name);
+
+    // Get the senders PID.
+    //
+    // First, try to get the PID via the more secure fdinfo
+    let mut pid = query_peer_pid_via_fdinfo(connection, sender_unique_name).await;
+    // If that fails, we fall back to asking dbus directly for the peers PID
+    if pid.is_none() {
+        pid = query_peer_pid_via_dbus(connection, sender_unique_name).await;
+    }
+
+    let Some(pid) = pid else {
+        tracing::error!("Failed to determine peers PID. Skipping application details query.");
+        return None;
+    };
 
-    // 4. Get binary path via PID from /proc file-system
+    // Get binary path via PID from /proc file-system
     // TODO: To be REALLY sure, we may want to look at /proc/PID/exe instead. It is a symlink to
     //       the actual binary, giving a full path instead of only the command name.
     //       This should in theory be "more secure", but also may disconcert novice users with no
