Files
container/Sources/ContainerXPC
J Logan b2f5f3ff2f Adds client uid validation to XPC server. (#896)
- When a user performs an `su` the effective UID changes but the bootstrap
  mach port does not, so that if container is running as `alice` from a
  GUI login session, it's possible to `su bob` and continue running
  container. While this doesn't pose a significant security risk as it's
  necessary for Alice to know Bob's password and manually enter it with
  `su`, this change closes the loophole by validating that client UID from
  the caller's audit token matches that of the API server.
2025-11-19 00:41:56 -03:00
..