authorLibravatar Drew DeVault <sir@cmpwn.com>2018-11-01 19:01:18 +0100
committerLibravatar GitHub <noreply@github.com>2018-11-01 19:01:18 +0100
commitb1aec1ef14459e3458ebb85a69bccad97e7658e7 (patch)
tree8c0e29162c4e3413f74751e6955e505ed1781c1d
parentFix #2992 (diff)
parentTeardown compositor when failing to drop permissions (diff)
Merge pull request #3028 from emersion/disambiguate-drop-root-error
Make it clear that being able to restore root is a failure
-rw-r--r--sway/main.c29
1 files changed, 18 insertions, 11 deletions
diff --git a/sway/main.c b/sway/main.c
index cc5f7187..920cea11 100644
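--- a/sway/main.c
+++ b/sway/main.c
@@ -29,7 +29,7 @@
 
 static bool terminate_request = false;
 static int exit_value = 0;
-struct sway_server server;
+struct sway_server server = {0};
 
 void sway_terminate(int exit_code) {
  terminate_request = true;
@@ -194,21 +194,23 @@ static void log_kernel(void) {
 }
 
 
-static void drop_permissions(void) {
+static bool drop_permissions(void) {
  if (getuid() != geteuid() || getgid() != getegid()) {
  if (setgid(getgid()) != 0) {
- wlr_log(WLR_ERROR, "Unable to drop root");
- exit(EXIT_FAILURE);
+ wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");
+ return false;
  }
  if (setuid(getuid()) != 0) {
- wlr_log(WLR_ERROR, "Unable to drop root");
- exit(EXIT_FAILURE);
+ wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");
+ return false;
  }
  }
  if (setuid(0) != -1) {
- wlr_log(WLR_ERROR, "Root privileges can be restored.");
- exit(EXIT_FAILURE);
+ wlr_log(WLR_ERROR, "Unable to drop root (we shouldn't be able to "
+ "restore it after setuid), refusing to start");
+ return false;
  }
+ return true;
 }
 
 void enable_debug_flag(const char *flag) {
@@ -317,11 +319,13 @@ int main(int argc, char **argv) {
  }
 
  if (optind < argc) { // Behave as IPC client
- if(optind != 1) {
+ if (optind != 1) {
  wlr_log(WLR_ERROR, "Don't use options with the IPC client");
  exit(EXIT_FAILURE);
  }
- drop_permissions();
+ if (!drop_permissions()) {
+ exit(EXIT_FAILURE);
+ }
  char *socket_path = getenv("SWAYSOCK");
  if (!socket_path) {
  wlr_log(WLR_ERROR, "Unable to retrieve socket path");
@@ -341,7 +345,10 @@ int main(int argc, char **argv) {
  detect_proprietary(allow_unsupported_gpu);
  detect_raspi();
 
- drop_permissions();
+ if (!drop_permissions()) {
+ server_fini(&server);
+ exit(EXIT_FAILURE);
+ }
 
  // handle SIGTERM signals
  signal(SIGTERM, sig_handler);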
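Review bot: The post-drop probe in drop_permissions() (second hunk) tests only `setuid(0)`, so it shows that uid 0 cannot be regained but verifies nothing about group IDs or about a saved ID other than 0. The `getgid() != getegid()` condition suggests a setgid-only install is contemplated; in that case `setgid(getgid())` called without privilege changes only the effective gid, leaves the saved set-group-ID in place, and the function still returns true. I would additionally compare the real, effective and saved IDs with `getresuid()`/`getresgid()` before returning true, as sketched below; both exist on Linux and the BSDs, though glibc needs `_GNU_SOURCE` for the declarations. Separately, a process started by real root also ends up in the `setuid(0)` branch, where the new "Unable to drop root" wording may be misleading, so a dedicated message for that case would help whoever reads the log.

```c
	if (setuid(0) != -1) {
		// … unchanged: log the restore-root failure and return false …
	}
	uid_t ruid, euid, suid;
	gid_t rgid, egid, sgid;
	if (getresuid(&ruid, &euid, &suid) != 0 ||
			getresgid(&rgid, &egid, &sgid) != 0 ||
			ruid != euid || euid != suid ||
			rgid != egid || egid != sgid) {
		wlr_log(WLR_ERROR, "Real, effective and saved IDs still differ "
			"after dropping permissions, refusing to start");
		return false;
	}
	return true;
```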