mirrors/cage
1
0
Fork 0
mirror of https://github.com/cage-kiosk/cage.git synced 2025-10-29 05:40:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Cage: drop root on startup like Sway

Browse source 
wlroots may need setuid to run on DRM if built without (e)logind
support.
This commit is contained in:
Jan Beich 2019-04-25 07:08:04 +00:00 committed by Jente Hidskes
parent 3fb89563ae
commit 61894994f3
No known key found for this signature in database
GPG key ID: 04BE5A29F32D91EA
1 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

24
cage.c
View file

@ -65,6 +65,25 @@ spawn_primary_client(char *argv[], pid_t *pid_out)
return true; return true;
} }
static bool
drop_permissions(void)
{
if (getuid() != geteuid() || getgid() != getegid()) {
if (setuid(getuid()) != 0 || setgid(getgid()) != 0) {
wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");
return false;
}
}
if (setuid(0) != -1) {
wlr_log(WLR_ERROR, "Unable to drop root (we shouldn't be able to "
"restore it after setuid), refusing to start");
return false;
}
return true;
}
static int static int
handle_signal(int signal, void *data) handle_signal(int signal, void *data)
{ {
@ -184,6 +203,11 @@ main(int argc, char *argv[])
goto end; goto end;
} }
if (!drop_permissions()) {
ret = 1;
goto end;
}
renderer = wlr_backend_get_renderer(server.backend); renderer = wlr_backend_get_renderer(server.backend);
wlr_renderer_init_wl_display(renderer, server.wl_display); wlr_renderer_init_wl_display(renderer, server.wl_display);