author | Kenny Levinsen <kl@kl.wtf> | 2022-06-01 20:01:19 +0200 |
---|---|---|
committer | Simon Ser <contact@emersion.fr> | 2022-06-03 12:37:40 +0200 |
commit | e5728052b59fb5b476c78c9f18b812a85d7f4503 (patch) | |
tree | a456d2cbdc8aad99cc713682447b9e55379b6d18 /sway/main.c | |
parent | ipc: remove chatty debug log messages (diff) | |
Refuse to start when SUID is detected
This ensures that those surprised by the deprecation of SUID operation
receive an error rather than accidentally having sway run as root.
This detection will be removed in a future release.
Diffstat (limited to 'sway/main.c')
-rw-r--r-- | sway/main.c | 44 |
1 files changed, 13 insertions, 31 deletions
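diff --git a/sway/main.c b/sway/main.c
index a0033c45..a46e5231 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -150,27 +150,17 @@ static void log_kernel(void) {
 pclose(f);
 }
 
-
-static bool drop_permissions(void) {
-if (getuid() != geteuid() || getgid() != getegid()) {
-sway_log(SWAY_ERROR, "!!! DEPRECATION WARNING: "
-"SUID privilege drop will be removed in a future release, please migrate to seatd-launch");
-
-// Set the gid and uid in the correct order.
-if (setgid(getgid()) != 0) {
-sway_log(SWAY_ERROR, "Unable to drop root group, refusing to start");
-return false;
-}
-if (setuid(getuid()) != 0) {
-sway_log(SWAY_ERROR, "Unable to drop root user, refusing to start");
-return false;
-}
+static bool detect_suid(void) {
+if (geteuid() != 0 && getegid() != 0) {
+return false;
 }
-if (setgid(0) != -1 || setuid(0) != -1) {
-sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
-"restore it after setuid), refusing to start");
+
+if (getuid() == geteuid() && getgid() == getegid()) {
 return false;
 }
+
+sway_log(SWAY_ERROR, "SUID operation is no longer supported, refusing to start. "
+"This check will be removed in a future release.");
 return true;
 }
 
@@ -319,6 +309,11 @@ int main(int argc, char **argv) {
 }
 }
 
+// SUID operation is deprecated, so block it for now.
+if (detect_suid()) {
+exit(EXIT_FAILURE);
+}
+
 // Since wayland requires XDG_RUNTIME_DIR to be set, abort with just the
 // clear error message (when not running as an IPC client).
 if (!getenv("XDG_RUNTIME_DIR") && optind == argc) {
@@ -357,9 +352,6 @@ int main(int argc, char **argv) {
 "`sway -d 2>sway.log`.");
 exit(EXIT_FAILURE);
 }
-if (!drop_permissions()) {
-exit(EXIT_FAILURE);
-}
 char *socket_path = getenv("SWAYSOCK");
 if (!socket_path) {
 sway_log(SWAY_ERROR, "Unable to retrieve socket path");
@@ -372,16 +364,6 @@ int main(int argc, char **argv) {
 }
 
 detect_proprietary(allow_unsupported_gpu);
-
-if (!server_privileged_prepare(&server)) {
-return 1;
-}
-
-if (!drop_permissions()) {
-server_fini(&server);
-exit(EXIT_FAILURE);
-}
-
 increase_nofile_limit();
 
 // handle SIGTERM signals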
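Review bot: The first guard in detect_suid, `if (geteuid() != 0 && getegid() != 0)`, makes the check blind to a binary that is setuid or setgid to a non-root account: such a process has getuid() != geteuid(), but the function returns false before the mismatch test runs, so sway now starts with the elevated id and, with drop_permissions() deleted in the later hunks, never drops it. The second comparison alone already catches every SUID/SGID case, root included, so the simplest fix is to delete the first `if` block; if root-only detection is deliberate, say so above the function, e.g. `// Only a root SUID/SGID id is refused; a non-root SUID id is left in place.` A uid/gid comparison also cannot see file capabilities granted with setcap, which the old privilege-drop path did not cover either, so the commit message's "refuse to start when SUID is detected" holds only for the uid-based case and that limit is worth noting in the same comment. The enclosing main() starts and ends outside the shown hunks.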