From d3d4a129e73b4746ed5f0fab00ae986f7a491c87 Mon Sep 17 00:00:00 2001 From: Jan Beich Date: Mon, 13 Sep 2021 13:30:59 +0000 Subject: [PATCH] cage: allow running as root when not using setuid bit --- cage.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cage.c b/cage.c index 95f0cc7..807aefe 100644 --- a/cage.c +++ b/cage.c @@ -149,7 +149,12 @@ cleanup_primary_client(pid_t pid) static bool drop_permissions(void) { + if (getuid() == 0 || getgid() == 0) { + wlr_log(WLR_INFO, "Running as root user, this is dangerous"); + return true; + } if (getuid() != geteuid() || getgid() != getegid()) { + wlr_log(WLR_INFO, "setuid/setgid bit detected, dropping permissions"); // Set the gid and uid in the correct order. if (setgid(getgid()) != 0 || setuid(getuid()) != 0) { wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");