Review from SUSE security team
Quoting from https://bugzilla.suse.com/show_bug.cgi?id=1217182:
I am done with the processlist_helper. There is nothing too wrong with it
security wise but it has some quirks:
- sendsignal is racy in nature, since PIDs can be recycled. It's a pretty
generic interface to send arbitrary signals to arbitrary PIDs. This has to
be `auth_admin` forever.
- renice is even racier in nature and can fail by accident, since they
try to renice each thread of a process via /proc/<pid>/task.
- changeioscheduler and changecpuscheduler: these are similar to renice. Here
raw integer constant are passed for the io class, for example. This could be
improved by passing string labels or properly casting from/to enums.
In all of these functions a nonsensical approach is found for specifying
multiple PIDs to operate on:
There is a `pidcount` integer and then for the count of PIDs the code looks
for further entries in the QVariantMap named `pid%i`. This is only bloating
the code and making everything more complex. They *do* have a QVariantMap
after all, so why not place a proper list or vector data structure in there?