From 6d7ddfd19733f2a8197c1e7ad8fdfef2b7e17c1a Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 22 Aug 2013 17:37:31 -0400
Subject: [PATCH] pkit: Pass system-bus-name as subject, not pid

Previously, we were forcing polkit to scrape /proc/pid itself for the
uid, which is subject to a race condition if the caller execve()s a
setuid binary.  Passing system-bus-name as a subject allows polkit to
use the valid information from the system bus.
---
 base/pkit.py |    9 ++-------
 1 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/base/pkit.py b/base/pkit.py
index 0acc124..08bebc8 100644
--- a/base/pkit.py
+++ b/base/pkit.py
@@ -176,15 +176,10 @@ class PolicyKitService(dbus.service.Object):
                                     "/org/freedesktop/PolicyKit1/Authority",
                                     "org.freedesktop.PolicyKit1.Authority")
         policy_kit = dbus.Interface(obj, "org.freedesktop.PolicyKit1.Authority")
-        info = dbus.Interface(connection.get_object("org.freedesktop.DBus",
-                                                    "/org/freedesktop/DBus/Bus",
-                                                    False),
-                              "org.freedesktop.DBus")
-        pid = info.GetConnectionUnixProcessID(sender)

         subject = (
-            'unix-process',
-            { 'pid' : dbus.UInt32(pid, variant_level = 1) }
+            'system-bus-name',
+            { 'name' : dbus.String(sender, variant_level = 1) }
         )
         details = { '' : '' }
         flags = dbus.UInt32(1)         # AllowUserInteraction = 0x00000001
--
1.7.1