Write example security config, start on code

author: Drew DeVault <sir@cmpwn.com> 2016-12-01 19:27:35 -0500
committer: Drew DeVault <sir@cmpwn.com> 2016-12-01 19:27:35 -0500
commit: 5831f7ab68a7166a492812d6301868541fdc9ae3 (patch)
tree: b25369a4ebde17cf17dfdeef9ce50d52ebe9cf1f
parent: Fix memory leaks in swaybar (diff)
download: sway-5831f7ab68a7166a492812d6301868541fdc9ae3.tar.gz
sway-5831f7ab68a7166a492812d6301868541fdc9ae3.tar.zst
sway-5831f7ab68a7166a492812d6301868541fdc9ae3.zip
2 files changed, 75 insertions, 0 deletions
diff --git a/config.d/security b/config.d/security
new file mode 100644
index 00000000..bff55f0f
--- /dev/null
+++ b/config.d/security
@@ -0,0 +1,52 @@
+# sway security rules
+#
+# Read sway-security(7) for details on how to secure your sway install.
+#
+# You MUST read this man page if you intend to attempt to secure your sway
+# installation.
+# Configures which programs are allowed to use which sway features
+permit $PREFIX/swaylock lock
+permit $PREFIX/swaybar panel
+permit $PREFIX/swaybg background
+permit $PREFIX/swaygrab screenshot
+permit * fullscreen keyboard mouse
+# Configures which IPC features are enabled
+ipc {
+    command enabled
+    outputs enabled
+    workspaces enabled
+    tree enabled
+    marks enabled
+    bar-config enabled
+    inputs enabled
+    events {
+        workspace enabled
+        output enabled
+        mode enabled
+        window enabled
+        bar-config enabled
+        binding enabled
+        modifier enabled
+        input enabled
+    }
+}
+# Limits the contexts from which certain commands are permitted
+commands {
+    fullscreen bindsym criteria
+    bindsym config
+    exit bindsym
+    kill bindsym
+    # You should not change these unless you know what you're doing - it could
+    # cripple your security
+    reload bindsym
+    restart bindsym
+    permit config
+    reject config
+    ipc config
+}
diff --git a/sway/main.c b/sway/main.c
index a040cec9..4704f900 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -4,6 +4,7 @@
 #include <wlc/wlc.h>
 #include <sys/wait.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/un.h>
 #include <signal.h>
 #include <unistd.h>
@@ -142,6 +143,27 @@ static void log_kernel() {
        fclose(f);
 }
+static void security_sanity_check() {
+        // TODO: Notify users visually if this has issues
+        struct stat s = {0};
+        if (stat("/proc", &s)) {
+                sway_log(L_ERROR,
+                        "!! DANGER !! /proc is not available - sway CANNOT enforce security rules!");
+        }
+        if (!stat(SYSCONFDIR "/sway", &s)) {
+                if (s.st_uid != 0 || s.st_gid != 0 || s.st_mode != 00755) {
+                        sway_log(L_ERROR,
+                                "!! DANGER !! " SYSCONFDIR "/sway is not secure! It should be owned by root and set to 0755");
+                }
+        }
+        // TODO: check that these command policies are set
+    // reload bindsym
+    // restart bindsym
+    // permit config
+    // reject config
+    // ipc config
+}
 int main(int argc, char **argv) {
        static int verbose = 0, debug = 0, validate = 0;
@@ -256,6 +278,7 @@ int main(int argc, char **argv) {
        }
        wlc_log_set_handler(wlc_log_handler);
        detect_proprietary();
+        security_sanity_check();
        input_devices = create_list();
author	Drew DeVault <sir@cmpwn.com>	2016-12-01 19:27:35 -0500
committer	Drew DeVault <sir@cmpwn.com>	2016-12-01 19:27:35 -0500
commit	5831f7ab68a7166a492812d6301868541fdc9ae3 (patch)
tree	b25369a4ebde17cf17dfdeef9ce50d52ebe9cf1f
parent	Fix memory leaks in swaybar (diff)
download	sway-5831f7ab68a7166a492812d6301868541fdc9ae3.tar.gz sway-5831f7ab68a7166a492812d6301868541fdc9ae3.tar.zst sway-5831f7ab68a7166a492812d6301868541fdc9ae3.zip

diff --git a/config.d/security b/config.d/security new file mode 100644 index 00000000..bff55f0f --- /dev/null +++ b/config.d/security
@@ -0,0 +1,52 @@
		1	# sway security rules
		2	#
		3	# Read sway-security(7) for details on how to secure your sway install.
		4	#
		5	# You MUST read this man page if you intend to attempt to secure your sway
		6	# installation.
		7
		8	# Configures which programs are allowed to use which sway features
		9	permit $PREFIX/swaylock lock
		10	permit $PREFIX/swaybar panel
		11	permit $PREFIX/swaybg background
		12	permit $PREFIX/swaygrab screenshot
		13
		14	permit * fullscreen keyboard mouse
		15
		16	# Configures which IPC features are enabled
		17	ipc {
		18	command enabled
		19	outputs enabled
		20	workspaces enabled
		21	tree enabled
		22	marks enabled
		23	bar-config enabled
		24	inputs enabled
		25
		26	events {
		27	workspace enabled
		28	output enabled
		29	mode enabled
		30	window enabled
		31	bar-config enabled
		32	binding enabled
		33	modifier enabled
		34	input enabled
		35	}
		36	}
		37
		38	# Limits the contexts from which certain commands are permitted
		39	commands {
		40	fullscreen bindsym criteria
		41	bindsym config
		42	exit bindsym
		43	kill bindsym
		44
		45	# You should not change these unless you know what you're doing - it could
		46	# cripple your security
		47	reload bindsym
		48	restart bindsym
		49	permit config
		50	reject config
		51	ipc config
		52	}


diff --git a/sway/main.c b/sway/main.c index a040cec9..4704f900 100644 --- a/sway/main.c +++ b/sway/main.c
@@ -4,6 +4,7 @@
4	#include <wlc/wlc.h>	4	#include <wlc/wlc.h>
5	#include <sys/wait.h>	5	#include <sys/wait.h>
6	#include <sys/types.h>	6	#include <sys/types.h>
		7	#include <sys/stat.h>
7	#include <sys/un.h>	8	#include <sys/un.h>
8	#include <signal.h>	9	#include <signal.h>
9	#include <unistd.h>	10	#include <unistd.h>
@@ -142,6 +143,27 @@ static void log_kernel() {
142	fclose(f);	143	fclose(f);
143	}	144	}
144		145
		146	static void security_sanity_check() {
		147	// TODO: Notify users visually if this has issues
		148	struct stat s = {0};
		149	if (stat("/proc", &s)) {
		150	sway_log(L_ERROR,
		151	"!! DANGER !! /proc is not available - sway CANNOT enforce security rules!");
		152	}
		153	if (!stat(SYSCONFDIR "/sway", &s)) {
		154	if (s.st_uid != 0 \|\| s.st_gid != 0 \|\| s.st_mode != 00755) {
		155	sway_log(L_ERROR,
		156	"!! DANGER !! " SYSCONFDIR "/sway is not secure! It should be owned by root and set to 0755");
		157	}
		158	}
		159	// TODO: check that these command policies are set
		160	// reload bindsym
		161	// restart bindsym
		162	// permit config
		163	// reject config
		164	// ipc config
		165	}
		166
145	int main(int argc, char **argv) {	167	int main(int argc, char **argv) {
146	static int verbose = 0, debug = 0, validate = 0;	168	static int verbose = 0, debug = 0, validate = 0;
147		169
@@ -256,6 +278,7 @@ int main(int argc, char **argv) {
256	}	278	}
257	wlc_log_set_handler(wlc_log_handler);	279	wlc_log_set_handler(wlc_log_handler);
258	detect_proprietary();	280	detect_proprietary();
		281	security_sanity_check();
259		282
260	input_devices = create_list();	283	input_devices = create_list();
261		284