mirrors/cage
1
0
Fork 0
mirror of https://github.com/cage-kiosk/cage.git synced 2026-02-05 04:06:24 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

cage: allow running as root when not using setuid bit

Browse source
This commit is contained in:
Jan Beich 2021-09-13 13:30:59 +00:00 committed by Jente Hidskes Ankarberg
parent a81ab701d7
commit d3d4a129e7
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
cage.c
View file

@ -149,7 +149,12 @@ cleanup_primary_client(pid_t pid)
static bool static bool
drop_permissions(void) drop_permissions(void)
{ {
if (getuid() == 0 || getgid() == 0) {
wlr_log(WLR_INFO, "Running as root user, this is dangerous");
return true;
}
if (getuid() != geteuid() || getgid() != getegid()) { if (getuid() != geteuid() || getgid() != getegid()) {
wlr_log(WLR_INFO, "setuid/setgid bit detected, dropping permissions");
// Set the gid and uid in the correct order. // Set the gid and uid in the correct order.
if (setgid(getgid()) != 0 || setuid(getuid()) != 0) { if (setgid(getgid()) != 0 || setuid(getuid()) != 0) {
wlr_log(WLR_ERROR, "Unable to drop root, refusing to start"); wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");