Make D-Bus implementations return a file descriptor
pinning the process as part of the credentials on
platforms that implement such a concept, like Linux.
Pinning the process allows defending against PID
reuse attacks, making authentication by
service/cgroup possible.
Signed-off-by: Luca Boccassi <bluca@debian.org>
to the dictionary.
</entry>
</row>
+ <row>
+ <entry>ProcessFD</entry>
+ <entry>UNIX_FD</entry>
+ <entry>A file descriptor pinning the process, on platforms
+ that have this concept. On Linux, the SO_PEERPIDFD socket
+ option is a suitable implementation. This is safer to use
+ to identify a process than the <literal>ProcessID</literal>,
+ as the latter is subject to re-use attacks, while the FD
+ cannot be recycled. If the original process no longer exists
+ the FD will no longer be resolvable.</entry>
+ </row>
<row>
<entry>ProcessID</entry>
<entry>UINT32</entry>
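Review bot: The last sentence of the new ProcessFD entry, "If the original process no longer exists the FD will no longer be resolvable", does not say what a caller actually observes, so two clients could reasonably implement different checks. Please spell out what "resolvable" means here: the FD is still returned but refers to an exited process, and the caller has to detect that before trusting it. The row also says "on platforms that have this concept" without stating whether the key is omitted from the dictionary elsewhere, or when the platform supports it but the FD could not be obtained for this peer; one sentence covering both cases would help. It would also be worth stating that, when both keys are present, ProcessFD and ProcessID refer to the same process, and that consumers should prefer ProcessFD for authorization decisions, since the text already calls ProcessID "subject to re-use attacks". Minor style point: SO_PEERPIDFD is plain text while ProcessID in the same entry is wrapped in <literal>; marking up both would be consistent.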