-rw-r--r-- | config.d/security | 52 | ||||
-rw-r--r-- | sway/main.c | 23 |
2 files changed, 75 insertions, 0 deletions
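--- /dev/null
+++ b/config.d/security
@@ -0,0 +1,52 @@
+# sway security rules
+#
+# Read sway-security(7) for details on how to secure your sway install.
+#
+# You MUST read this man page if you intend to attempt to secure your sway
+# installation.
+
+# Configures which programs are allowed to use which sway features
+permit $PREFIX/swaylock lock
+permit $PREFIX/swaybar panel
+permit $PREFIX/swaybg background
+permit $PREFIX/swaygrab screenshot
+
+permit * fullscreen keyboard mouse
+
+# Configures which IPC features are enabled
+ipc {
+command enabled
+outputs enabled
+workspaces enabled
+tree enabled
+marks enabled
+bar-config enabled
+inputs enabled
+
+events {
+workspace enabled
+output enabled
+mode enabled
+window enabled
+bar-config enabled
+binding enabled
+modifier enabled
+input enabled
+}
+}
+
+# Limits the contexts from which certain commands are permitted
+commands {
+fullscreen bindsym criteria
+bindsym config
+exit bindsym
+kill bindsym
+
+# You should not change these unless you know what you're doing - it could
+# cripple your security
+reload bindsym
+restart bindsym
+permit config
+reject config
+ipc config
+}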
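Review bot: The wildcard line `permit * fullscreen keyboard mouse` grants every program these three features, which reads as if it overrides the per-program entries just above it, and nothing in the file says whether that is the intended baseline. A one-line comment before it would make the default explicit, e.g. `# Default for all other programs: fullscreen and keyboard/mouse access only`. The `$PREFIX` token is also undocumented here; if it is expanded at install or parse time, a comment saying so (or a pointer to the section of sway-security(7) that defines it) would help readers who edit this file by hand.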
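--- a/sway/main.c
+++ b/sway/main.c
@@ -4,6 +4,7 @@
 #include <wlc/wlc.h>
 #include <sys/wait.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/un.h>
 #include <signal.h>
 #include <unistd.h>
@@ -142,6 +143,27 @@ static void log_kernel() {
 fclose(f);
 }
 
+static void security_sanity_check() {
+// TODO: Notify users visually if this has issues
+struct stat s = {0};
+if (stat("/proc", &s)) {
+sway_log(L_ERROR,
+"!! DANGER !! /proc is not available - sway CANNOT enforce security rules!");
+}
+if (!stat(SYSCONFDIR "/sway", &s)) {
+if (s.st_uid != 0 || s.st_gid != 0 || s.st_mode != 00755) {
+sway_log(L_ERROR,
+"!! DANGER !! " SYSCONFDIR "/sway is not secure! It should be owned by root and set to 0755");
+}
+}
+// TODO: check that these command policies are set
+// reload bindsym
+// restart bindsym
+// permit config
+// reject config
+// ipc config
+}
+
 int main(int argc, char **argv) {
 static int verbose = 0, debug = 0, validate = 0;
 
@@ -256,6 +278,7 @@ int main(int argc, char **argv) {
 }
 wlc_log_set_handler(wlc_log_handler);
 detect_proprietary();
+security_sanity_check();
 
 input_devices = create_list();
 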
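Review bot: The mode check in security_sanity_check, `s.st_mode != 00755`, compares the whole st_mode value, and for a directory that value also carries the S_IFDIR file-type bits, so the comparison is true even for a correctly owned 0755 directory and the DANGER message fires on every install. Mask to the permission bits and confirm the path is a directory: `if (s.st_uid != 0 || s.st_gid != 0 || !S_ISDIR(s.st_mode) || (s.st_mode & 07777) != 0755) {`. A stat() failure on `SYSCONFDIR "/sway"` is silently ignored; if a missing config directory is acceptable that deserves a comment, otherwise it should be logged like the /proc case. Note also that a successful stat("/proc") only shows the mount point exists, not that procfs is mounted there, so the message text promises slightly more than the check verifies.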