mirror of
https://github.com/labwc/labwc.git
synced 2025-10-29 05:40:24 -04:00
Refuse to start when SUID is detected
This ensures that those surprised by the deprecation of SUID operation receive an error rather than accidentally having run as root. swaywm/sway@e572805
This commit is contained in:
Johan Malm
John Lindgren
parent
1c80dbd6ef
commit
573a521cf1
2 changed files with 15 additions and 32 deletions
15
src/main.c
15
src/main.c
|
|
@ -47,6 +47,19 @@ usage(void)
|
|||
exit(0);
|
||||
}
|
||||
|
||||
static void
|
||||
die_on_detecting_suid(void)
|
||||
{
|
||||
if (geteuid() != 0 && getegid() != 0) {
|
||||
return;
|
||||
}
|
||||
if (getuid() == geteuid() && getgid() == getegid()) {
|
||||
return;
|
||||
}
|
||||
wlr_log(WLR_ERROR, "SUID detected - aborting");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
static void
|
||||
send_signal_to_labwc_pid(int signal)
|
||||
{
|
||||
|
|
@ -118,6 +131,8 @@ main(int argc, char *argv[])
|
|||
|
||||
wlr_log_init(verbosity, NULL);
|
||||
|
||||
die_on_detecting_suid();
|
||||
|
||||
if (!rc.config_dir) {
|
||||
rc.config_dir = config_dir();
|
||||
}
|
||||
|
|
|
|||
32
src/server.c
32
src/server.c
|
|
@ -66,28 +66,6 @@ handle_sigterm(int signal, void *data)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
drop_permissions(void)
|
||||
{
|
||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
||||
wlr_log(WLR_ERROR, "!!! DEPRECATION WARNING: "
|
||||
"SUID privilege drop will be removed in future releases; "
|
||||
"Please migrate to seatd-launch");
|
||||
if (setgid(getgid())) {
|
||||
wlr_log(WLR_ERROR, "unable to drop root group");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
if (setuid(getuid())) {
|
||||
wlr_log(WLR_ERROR, "unable to drop root user");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
if (setgid(0) != -1 || setuid(0) != -1) {
|
||||
wlr_log(WLR_ERROR, "unable to drop root");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
seat_inhibit_input(struct seat *seat, struct wl_client *active_client)
|
||||
{
|
||||
|
|
@ -217,16 +195,6 @@ server_init(struct server *server)
|
|||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
/*
|
||||
* The wlroots library makes use of systemd's logind to handle sessions
|
||||
* and to allow compositors to run without elevated privileges.
|
||||
* If running without logind or elogind, users may choose to set the
|
||||
* setuid bit on the labwc executable despite associated security
|
||||
* implications. In order to support this, but limit the elevated
|
||||
* privileges as much as possible, we drop permissions at this point.
|
||||
*/
|
||||
drop_permissions();
|
||||
|
||||
/*
|
||||
* Autocreates a renderer, either Pixman, GLES2 or Vulkan for us. The
|
||||
* user can also specify a renderer using the WLR_RENDERER env var.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue