diff options
author | Tobias Blass <tobiasblass@t-online.de> | 2018-06-13 00:39:24 +0200 |
---|---|---|
committer | Tobias Blass <tobiasblass@t-online.de> | 2018-06-19 00:19:57 +0200 |
commit | a5c091e3026eb41d3a4daef3db95b47a3445aa11 (patch) | |
tree | 3317961dd1425f428ccdebce378e0f010d57a14b /sway/main.c | |
parent | Merge pull request #2143 from vilhalmer/mark-pool-buffers-busy (diff) | |
download | sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.tar.gz sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.tar.zst sway-a5c091e3026eb41d3a4daef3db95b47a3445aa11.zip |
Perform (partial) server initialization before dropping privileges.
Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
Diffstat (limited to 'sway/main.c')
-rw-r--r-- | sway/main.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sway/main.c b/sway/main.c index a7e808ad..a325dc3a 100644 --- a/sway/main.c +++ b/sway/main.c | |||
@@ -359,6 +359,11 @@ int main(int argc, char **argv) { | |||
359 | 359 | ||
360 | executable_sanity_check(); | 360 | executable_sanity_check(); |
361 | bool suid = false; | 361 | bool suid = false; |
362 | |||
363 | if (!server_privileged_prepare(&server)) { | ||
364 | return 1; | ||
365 | } | ||
366 | |||
362 | #ifdef __linux__ | 367 | #ifdef __linux__ |
363 | if (getuid() != geteuid() || getgid() != getegid()) { | 368 | if (getuid() != geteuid() || getgid() != getegid()) { |
364 | // Retain capabilities after setuid() | 369 | // Retain capabilities after setuid() |