diff options
author | D.B <thejan.2009@gmail.com> | 2016-09-20 15:49:16 +0200 |
---|---|---|
committer | D.B <thejan.2009@gmail.com> | 2016-09-20 16:25:32 +0200 |
commit | 5e585f96037854842827db478a978ff959026713 (patch) | |
tree | 7e0bf08bce1b793e68035a4fa8ebd7f008ec0e1d /sway/main.c | |
parent | Merge pull request #909 from zandrmartin/grab-focused (diff) | |
download | sway-5e585f96037854842827db478a978ff959026713.tar.gz sway-5e585f96037854842827db478a978ff959026713.tar.zst sway-5e585f96037854842827db478a978ff959026713.zip |
Split setgid and setuid, add privilege check
This commit deals with issue #884. I consulted the following sources:
https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
and
https://www.securecoding.cert.org/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful
Diffstat (limited to 'sway/main.c')
-rw-r--r-- | sway/main.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sway/main.c b/sway/main.c index 972b260b..660da18c 100644 --- a/sway/main.c +++ b/sway/main.c | |||
@@ -156,10 +156,18 @@ int main(int argc, char **argv) { | |||
156 | exit(EXIT_FAILURE); | 156 | exit(EXIT_FAILURE); |
157 | } | 157 | } |
158 | if (getuid() != geteuid() || getgid() != getegid()) { | 158 | if (getuid() != geteuid() || getgid() != getegid()) { |
159 | if (setgid(getgid()) != 0 || setuid(getuid()) != 0) { | 159 | if (setgid(getgid()) != 0) { |
160 | sway_log(L_ERROR, "Unable to drop root"); | 160 | sway_log(L_ERROR, "Unable to drop root"); |
161 | exit(EXIT_FAILURE); | 161 | exit(EXIT_FAILURE); |
162 | } | 162 | } |
163 | if (setuid(getuid()) != 0) { | ||
164 | sway_log(L_ERROR, "Unable to drop root"); | ||
165 | exit(EXIT_FAILURE); | ||
166 | } | ||
167 | } | ||
168 | if (setuid(0) != -1) { | ||
169 | sway_log(L_ERROR, "Root privileges can be restored."); | ||
170 | exit(EXIT_FAILURE); | ||
163 | } | 171 | } |
164 | char *socket_path = getenv("SWAYSOCK"); | 172 | char *socket_path = getenv("SWAYSOCK"); |
165 | if (!socket_path) { | 173 | if (!socket_path) { |