Hi, It seems that in the log the comm= field contain an extra whitespace at the end: "dbus-daemon[23494]: [session uid=1000 pid=23494] Connection :1.0 (uid=1000 pid=23495 comm="dbus-monitor " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") became a monitor." Looking at the code, it seems that _dbus_command_for_pid() is at fault here. /proc/<pid>/cmdline also contain a final \0 which is translated to a whitespace, this one should probably be stripped?
Yes, it seems cmdline consists of \0-terminated (rather than \0-separated) words. When translating those into space-separated words for the comm field, the last \0 should be eaten. % sh -c 'xxd /proc/$$/cmdline' 00000000: 7368 002d 6300 7878 6420 2f70 726f 632f sh.-c.xxd /proc/ 00000010: 2424 2f63 6d64 6c69 6e65 00 $$/cmdline. % sh -c 'xxd /proc/$$/cmdline' arg0 arg1 "" 00000000: 7368 002d 6300 7878 6420 2f70 726f 632f sh.-c.xxd /proc/ 00000010: 2424 2f63 6d64 6c69 6e65 0061 7267 3000 $$/cmdline.arg0. 00000020: 6172 6731 0000 arg1.. |<----->| arg1 ->||<- empty string between two \0
Note that /proc/pid/cmdline is trivial to fake (e.g. avahi-daemon edits its own command-line to show status), so comm is just a debug/diagnostic thing, and is not suitable to make part of a security feature.
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/222.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.