On Wed, Jun 3, 2015, at 05:22 PM, Colin Walters wrote: > Or should I just revert it?
I ended up pushing a revert, as I wanted to cleanly investigate other options. > # Idea 1: Pass and verify uid > - Add a new API AuthenticationAgentResponse2 which also takes a uint32 uid. > - Change polkit-agent-helper-1 to read the real uid, and try calling the new > API, falling back if it doesn't exist (for the case where a package is > upgraded but the service wasn't restarted) > - Change get_authentication_session_for_cookie() to match session->subject > with that uid I started this in https://bugs.freedesktop.org/show_bug.cgi?id=90837 _______________________________________________ polkit-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/polkit-devel
