feat: 修复dde-api-proxy安全漏洞

根据CVE-2013-4288,采用SystemBusNameSubject Log: 修复dde-api-proxy安全漏洞 pms: task-372233
linuxdeepin · Feb 7, 2025 · e2d872f · e2d872f
1 parent 53805d7
commit e2d872f
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/src/dbus-proxy/common/dbusproxybase.hpp b/src/dbus-proxy/common/dbusproxybase.hpp
@@ -98,10 +98,9 @@ class DBusProxyBase : public QDBusVirtualObject {
 
     bool checkAuthorization(const QString &actionId, const QString &service,const QDBusConnection &connection) const
     {
-        auto pid = connection.interface()->servicePid(service).value();
         auto authority = PolkitQt1::Authority::instance();
         auto result = authority->checkAuthorizationSync(actionId,
-                                                        PolkitQt1::UnixProcessSubject(pid),
+                                                        PolkitQt1::SystemBusNameSubject(service),
                                                         PolkitQt1::Authority::AllowUserInteraction);
         if (authority->hasError()) {
             qWarning() << "checkAuthorizationSync failed:" << authority->lastError()