From 933e21f13a44c556dcc1e4ce5c2493baf785ee76 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Mon, 10 Aug 2009 10:17:51 -0400 Subject: [PATCH] Be more careful when determining process start time --- src/polkit/polkitunixprocess.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 0a410be..b75203f 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -408,8 +408,11 @@ get_start_time_for_pid (pid_t pid, if (!g_file_get_contents (filename, &contents, &length, error)) goto out; - /* start time is the 19th token after the '(process name)' entry */ - p = strchr (contents, ')'); + /* start time is the 19th token after the '(process name)' entry - since only this + * field can contain the ')' character, search backwards for this to avoid malicious + * processes trying to fool us + */ + p = strrchr (contents, ')'); if (p == NULL) { g_set_error (error, -- 2.7.4