authorLibravatar Kenny Levinsen <kl@kl.wtf>2022-06-01 20:01:19 +0200
committerLibravatar Simon Ser <contact@emersion.fr>2022-06-03 12:37:40 +0200
commite5728052b59fb5b476c78c9f18b812a85d7f4503 (patch)
treea456d2cbdc8aad99cc713682447b9e55379b6d18 /sway/main.c
parentipc: remove chatty debug log messages (diff)
Refuse to start when SUID is detected
This ensures that those surprised by the deprecation of SUID operation receive an error rather than accidentally having sway run as root. This detection will be removed in a future release.
Diffstat (limited to 'sway/main.c')
-rw-r--r--sway/main.c44
1 files changed, 13 insertions, 31 deletions
diff --git a/sway/main.c b/sway/main.c
index a0033c45..a46e5231 100644
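--- a/sway/main.c
+++ b/sway/main.c
@@ -150,27 +150,17 @@ static void log_kernel(void) {
  pclose(f);
 }
 
-
-static bool drop_permissions(void) {
- if (getuid() != geteuid() || getgid() != getegid()) {
- sway_log(SWAY_ERROR, "!!! DEPRECATION WARNING: "
- "SUID privilege drop will be removed in a future release, please migrate to seatd-launch");
-
- // Set the gid and uid in the correct order.
- if (setgid(getgid()) != 0) {
- sway_log(SWAY_ERROR, "Unable to drop root group, refusing to start");
- return false;
- }
- if (setuid(getuid()) != 0) {
- sway_log(SWAY_ERROR, "Unable to drop root user, refusing to start");
- return false;
- }
+static bool detect_suid(void) {
+ if (geteuid() != 0 && getegid() != 0) {
+ return false;
  }
- if (setgid(0) != -1 || setuid(0) != -1) {
- sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
- "restore it after setuid), refusing to start");
+
+ if (getuid() == geteuid() && getgid() == getegid()) {
  return false;
  }
+
+ sway_log(SWAY_ERROR, "SUID operation is no longer supported, refusing to start. "
+ "This check will be removed in a future release.");
  return true;
 }
 
@@ -319,6 +309,11 @@ int main(int argc, char **argv) {
  }
  }
 
+ // SUID operation is deprecated, so block it for now.
+ if (detect_suid()) {
+ exit(EXIT_FAILURE);
+ }
+
  // Since wayland requires XDG_RUNTIME_DIR to be set, abort with just the
  // clear error message (when not running as an IPC client).
  if (!getenv("XDG_RUNTIME_DIR") && optind == argc) {
@@ -357,9 +352,6 @@ int main(int argc, char **argv) {
  "`sway -d 2>sway.log`.");
  exit(EXIT_FAILURE);
  }
- if (!drop_permissions()) {
- exit(EXIT_FAILURE);
- }
  char *socket_path = getenv("SWAYSOCK");
  if (!socket_path) {
  sway_log(SWAY_ERROR, "Unable to retrieve socket path");
@@ -372,16 +364,6 @@ int main(int argc, char **argv) {
  }
 
  detect_proprietary(allow_unsupported_gpu);
-
- if (!server_privileged_prepare(&server)) {
- return 1;
- }
-
- if (!drop_permissions()) {
- server_fini(&server);
- exit(EXIT_FAILURE);
- }
-
  increase_nofile_limit();
 
  // handle SIGTERM signals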
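Review bot: The first guard in `detect_suid()` returns false whenever neither effective ID is 0, so a binary installed setuid or setgid to a non-root account passes the check, and with `drop_permissions()` removed in this same commit nothing later resets the effective IDs before sway runs and spawns clients. The removed code acted on any real/effective mismatch; keeping that condition as the only test, `if (getuid() != geteuid() || getgid() != getegid()) {` followed by the log call and `return true;`, would preserve that coverage. If rejecting only the root case is intended, a comment on the function should say so, e.g. `// Only root SUID/SGID is rejected; other effective IDs are left unchanged.` Separately, the call in `main()` appears to sit after the option-parsing loop, so moving it to the first statement of `main()` would ensure no argument handling runs with elevated IDs; main's body extends outside these hunks, so this cannot be confirmed from here.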