diff options
| author |  Drew DeVault <sir@cmpwn.com> | 2016-12-02 08:47:03 -0500 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2016-12-02 08:47:47 -0500 |
| commit | 10c21250402aa8127a6700bc0330f47c7439f5bb (patch) | |
| tree | 6732549afe4b7aacdddbc4a041435fd184ffcef4 /sway/main.c | |
| parent | Flesh out security_sanity_check (diff) | |
| download | sway-10c21250402aa8127a6700bc0330f47c7439f5bb.tar.gz sway-10c21250402aa8127a6700bc0330f47c7439f5bb.tar.zst sway-10c21250402aa8127a6700bc0330f47c7439f5bb.zip | |
Unset LD_PRELOAD on startup (before dropping root)
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
Diffstat (limited to 'sway/main.c')
| -rw-r--r-- | sway/main.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sway/main.c b/sway/main.c index d396089c..1db88da2 100644 --- a/sway/main.c +++ b/sway/main.c | |||
| @@ -220,6 +220,8 @@ int main(int argc, char **argv) { | |||
| 220 | " --get-socketpath Gets the IPC socket path and prints it, then exits.\n" | 220 | " --get-socketpath Gets the IPC socket path and prints it, then exits.\n" |
| 221 | "\n"; | 221 | "\n"; |
| 222 | 222 | ||
| 223 | unsetenv("LD_PRELOAD"); // Security | ||
| 224 | |||
| 223 | int c; | 225 | int c; |
| 224 | while (1) { | 226 | while (1) { |
| 225 | int option_index = 0; | 227 | int option_index = 0; |