mirrors/sway
1
0
Fork 0
mirror of https://github.com/swaywm/sway.git synced 2025-11-07 13:29:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update for swaywm/wlroots#1126

Browse source
This commit is contained in:
emersion 2018-07-09 22:54:30 +01:00
parent ebcdce457a
commit 63b4bf5000
No known key found for this signature in database
GPG key ID: 0FDE7BE0E88F5E48
85 changed files with 391 additions and 385 deletions
Download patch file Download diff file Expand all files Collapse all files

50
sway/main.c
View file

@ -129,7 +129,7 @@ static void log_env() {
"SWAYSOCK"
};
for (size_t i = 0; i < sizeof(log_vars) / sizeof(char *); ++i) {
wlr_log(L_INFO, "%s=%s", log_vars[i], getenv(log_vars[i]));
wlr_log(WLR_INFO, "%s=%s", log_vars[i], getenv(log_vars[i]));
}
}
@ -144,14 +144,14 @@ static void log_distro() {
for (size_t i = 0; i < sizeof(paths) / sizeof(char *); ++i) {
FILE *f = fopen(paths[i], "r");
if (f) {
wlr_log(L_INFO, "Contents of %s:", paths[i]);
wlr_log(WLR_INFO, "Contents of %s:", paths[i]);
while (!feof(f)) {
char *line;
if (!(line = read_line(f))) {
break;
}
if (*line) {
wlr_log(L_INFO, "%s", line);
wlr_log(WLR_INFO, "%s", line);
}
free(line);
}
@ -163,7 +163,7 @@ static void log_distro() {
static void log_kernel() {
FILE *f = popen("uname -a", "r");
if (!f) {
wlr_log(L_INFO, "Unable to determine kernel version");
wlr_log(WLR_INFO, "Unable to determine kernel version");
return;
}
while (!feof(f)) {
@ -172,7 +172,7 @@ static void log_kernel() {
break;
}
if (*line) {
wlr_log(L_INFO, "%s", line);
wlr_log(WLR_INFO, "%s", line);
}
free(line);
}
@ -183,14 +183,14 @@ static void security_sanity_check() {
// TODO: Notify users visually if this has issues
struct stat s;
if (stat("/proc", &s)) {
wlr_log(L_ERROR,
wlr_log(WLR_ERROR,
"!! DANGER !! /proc is not available - sway CANNOT enforce security rules!");
}
#ifdef __linux__
cap_flag_value_t v;
cap_t cap = cap_get_proc();
if (!cap || cap_get_flag(cap, CAP_SYS_PTRACE, CAP_PERMITTED, &v) != 0 || v != CAP_SET) {
wlr_log(L_ERROR,
wlr_log(WLR_ERROR,
"!! DANGER !! Sway does not have CAP_SYS_PTRACE and cannot enforce security rules for processes running as other users.");
}
if (cap) {
@ -206,13 +206,13 @@ static void executable_sanity_check() {
stat(exe, &sb);
// We assume that cap_get_file returning NULL implies ENODATA
if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
wlr_log(L_ERROR,
wlr_log(WLR_ERROR,
"sway executable has both the s(g)uid bit AND file caps set.");
wlr_log(L_ERROR,
wlr_log(WLR_ERROR,
"This is strongly discouraged (and completely broken).");
wlr_log(L_ERROR,
wlr_log(WLR_ERROR,
"Please clear one of them (either the suid bit, or the file caps).");
wlr_log(L_ERROR,
wlr_log(WLR_ERROR,
"If unsure, strip the file caps.");
exit(EXIT_FAILURE);
}
@ -223,16 +223,16 @@ static void executable_sanity_check() {
static void drop_permissions(bool keep_caps) {
if (getuid() != geteuid() || getgid() != getegid()) {
if (setgid(getgid()) != 0) {
wlr_log(L_ERROR, "Unable to drop root");
wlr_log(WLR_ERROR, "Unable to drop root");
exit(EXIT_FAILURE);
}
if (setuid(getuid()) != 0) {
wlr_log(L_ERROR, "Unable to drop root");
wlr_log(WLR_ERROR, "Unable to drop root");
exit(EXIT_FAILURE);
}
}
if (setuid(0) != -1) {
wlr_log(L_ERROR, "Root privileges can be restored.");
wlr_log(WLR_ERROR, "Root privileges can be restored.");
exit(EXIT_FAILURE);
}
#ifdef __linux__
@ -240,11 +240,11 @@ static void drop_permissions(bool keep_caps) {
// Drop every cap except CAP_SYS_PTRACE
cap_t caps = cap_init();
cap_value_t keep = CAP_SYS_PTRACE;
wlr_log(L_INFO, "Dropping extra capabilities");
wlr_log(WLR_INFO, "Dropping extra capabilities");
if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) ||
cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) ||
cap_set_proc(caps)) {
wlr_log(L_ERROR, "Failed to drop extra capabilities");
wlr_log(WLR_ERROR, "Failed to drop extra capabilities");
exit(EXIT_FAILURE);
}
}
@ -335,22 +335,22 @@ int main(int argc, char **argv) {
// TODO: switch logging over to wlroots?
if (debug) {
wlr_log_init(L_DEBUG, NULL);
wlr_log_init(WLR_DEBUG, NULL);
} else if (verbose || validate) {
wlr_log_init(L_INFO, NULL);
wlr_log_init(WLR_INFO, NULL);
} else {
wlr_log_init(L_ERROR, NULL);
wlr_log_init(WLR_ERROR, NULL);
}
if (optind < argc) { // Behave as IPC client
if(optind != 1) {
wlr_log(L_ERROR, "Don't use options with the IPC client");
wlr_log(WLR_ERROR, "Don't use options with the IPC client");
exit(EXIT_FAILURE);
}
drop_permissions(false);
char *socket_path = getenv("SWAYSOCK");
if (!socket_path) {
wlr_log(L_ERROR, "Unable to retrieve socket path");
wlr_log(WLR_ERROR, "Unable to retrieve socket path");
exit(EXIT_FAILURE);
}
char *command = join_args(argv + optind, argc - optind);
@ -369,7 +369,7 @@ int main(int argc, char **argv) {
if (getuid() != geteuid() || getgid() != getegid()) {
// Retain capabilities after setuid()
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
wlr_log(L_ERROR, "Cannot keep caps after setuid()");
wlr_log(WLR_ERROR, "Cannot keep caps after setuid()");
exit(EXIT_FAILURE);
}
suid = true;
@ -390,7 +390,7 @@ int main(int argc, char **argv) {
// prevent ipc from crashing sway
signal(SIGPIPE, SIG_IGN);
wlr_log(L_INFO, "Starting sway version " SWAY_VERSION);
wlr_log(WLR_INFO, "Starting sway version " SWAY_VERSION);
layout_init();
@ -423,7 +423,7 @@ int main(int argc, char **argv) {
char *line = config->cmd_queue->items[0];
struct cmd_results *res = execute_command(line, NULL);
if (res->status != CMD_SUCCESS) {
wlr_log(L_ERROR, "Error on line '%s': %s", line, res->error);
wlr_log(WLR_ERROR, "Error on line '%s': %s", line, res->error);
}
free_cmd_results(res);
free(line);
@ -434,7 +434,7 @@ int main(int argc, char **argv) {
server_run(&server);
}
wlr_log(L_INFO, "Shutting down sway");
wlr_log(WLR_INFO, "Shutting down sway");
server_fini(&server);