author | Mykyta Holubakha <hilobakho@gmail.com> | 2017-05-10 02:51:28 +0300 |
---|---|---|
committer | Mykyta Holubakha <hilobakho@gmail.com> | 2017-05-11 19:33:57 +0300 |
commit | 93cf21fb9afd8205f01399ed2d8dcbe16b522fa4 (patch) | |
tree | f95f15cb320b14620e56abc376396351f9cee706 /sway | |
parent | Initialise logging earlier (diff) | |
Terminate when both suid bit and filecaps are set
Diffstat (limited to 'sway')
-rw-r--r-- | sway/main.c | 23 |
1 files changed, 23 insertions, 0 deletions
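diff --git a/sway/main.c b/sway/main.c
index 3d2d6c68..819788b1 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -27,6 +27,7 @@
 #include "stringop.h"
 #include "sway.h"
 #include "log.h"
+#include "util.h"
 
 static bool terminate_request = false;
 static int exit_value = 0;
@@ -209,6 +210,27 @@ static void security_sanity_check() {
 #endif
 }
 
+static void executable_sanity_check() {
+#ifdef __linux__
+struct stat sb;
+char *exe = realpath("/proc/self/exe", NULL);
+stat(exe, &sb);
+// We assume that cap_get_file returning NULL implies ENODATA
+if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
+sway_log(L_ERROR,
+"sway executable has both the s(g)uid bit AND file caps set.");
+sway_log(L_ERROR,
+"This is strongly discouraged (and completely broken).");
+sway_log(L_ERROR,
+"Please clear one of them (either the suid bit, or the file caps).");
+sway_log(L_ERROR,
+"If unsure, strip the file caps.");
+exit(EXIT_FAILURE);
+}
+free(exe);
+#endif
+}
+
 int main(int argc, char **argv) {
 static int verbose = 0, debug = 0, validate = 0;
 
@@ -326,6 +348,7 @@ int main(int argc, char **argv) {
 return 0;
 }
 
+executable_sanity_check();
 #ifdef __linux__
 bool suid = false;
 if (getuid() != geteuid() || getgid() != getegid()) {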
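Review bot: In the new executable_sanity_check() (second hunk) neither `realpath("/proc/self/exe", NULL)` nor `stat(exe, &sb)` is checked, so if either fails the suid/sgid test reads an uninitialised `sb.st_mode` and a NULL path may be passed on to `cap_get_file()`. The check also fails open on the capability side: as the in-line comment admits, every NULL from `cap_get_file()` is taken to mean "no file caps", although only `errno == ENODATA` says that. The `cap_t` that is returned is never released with `cap_free()`. The sketch below guards those calls; whether an inspection failure should abort or only be logged (some filesystems report that xattrs are unsupported) is a policy choice for the maintainers, and it assumes `<errno.h>` is already in scope in main.c.

```c
	char *exe = realpath("/proc/self/exe", NULL);
	if (!exe || stat(exe, &sb) != 0) {
		sway_log(L_ERROR, "Unable to inspect the sway executable.");
		free(exe);
		exit(EXIT_FAILURE);
	}
	errno = 0;
	cap_t caps = cap_get_file(exe);
	if (!caps && errno != ENODATA) {
		// Not "no caps": the lookup itself failed, so say so instead of passing silently
		sway_log(L_ERROR, "Unable to read the file caps of the sway executable.");
	}
	if ((sb.st_mode & (S_ISUID|S_ISGID)) && caps) {
		// … unchanged: the four sway_log(L_ERROR, …) messages and exit(EXIT_FAILURE) …
	}
	if (caps) {
		cap_free(caps);
	}
	free(exe);
```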