mirrors/sway
1
0
Fork 0
mirror of https://github.com/swaywm/sway.git synced 2025-11-03 09:01:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix ordering of setgid and setuid

Browse source 
It looks like the code to drop privileges may have been broken via
commit 37f0e1f. That commit reverted the correct order from #911, which
first drops the gid then the uid. If setuid is called first then the
target user may not have the ability to setgid.
This commit is contained in:
Teddy Reed 2020-02-10 21:29:26 -05:00 committed by Simon Ser
parent 0b709702c1
commit 31a83bd48d
1 changed files with 8 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
sway/main.c
View file

@ -186,12 +186,17 @@ static void log_kernel(void) {
static bool drop_permissions(void) { static bool drop_permissions(void) {
if (getuid() != geteuid() || getgid() != getegid()) { if (getuid() != geteuid() || getgid() != getegid()) {
if (setuid(getuid()) != 0 || setgid(getgid()) != 0) { // Set the gid and uid in the correct order.
sway_log(SWAY_ERROR, "Unable to drop root, refusing to start"); if (setgid(getgid()) != 0) {
sway_log(SWAY_ERROR, "Unable to drop root group, refusing to start");
return false;
}
if (setuid(getuid()) != 0) {
sway_log(SWAY_ERROR, "Unable to drop root user, refusing to start");
return false; return false;
} }
} }
if (setuid(0) != -1) { if (setgid(0) != -1 || setuid(0) != -1) {
sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to " sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
"restore it after setuid), refusing to start"); "restore it after setuid), refusing to start");
return false; return false;