1 files changed, 9 insertions, 72 deletions
diff --git a/sway/main.c b/sway/main.c
index 990f5f3a..dea4a31c 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -12,10 +12,6 @@
 #include <sys/wait.h>
 #include <sys/un.h>
 #include <unistd.h>
-#ifdef __linux__
-#include <sys/capability.h>
-#include <sys/prctl.h>
-#endif
 #include <wlr/util/log.h>
 #include "sway/commands.h"
 #include "sway/config.h"
@@ -45,7 +41,7 @@ void sig_handler(int signal) {
        sway_terminate(EXIT_SUCCESS);
 }
-void detect_raspi() {
+void detect_raspi(void) {
        bool raspi = false;
        FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");
        if (!f) {
@@ -85,7 +81,7 @@ void detect_raspi() {
        }
 }
-void detect_proprietary() {
+void detect_proprietary(void) {
        FILE *f = fopen("/proc/modules", "r");
        if (!f) {
                return;
@@ -120,7 +116,7 @@ void run_as_ipc_client(char *command, char *socket_path) {
        close(socketfd);
 }
-static void log_env() {
+static void log_env(void) {
        const char *log_vars[] = {
                "PATH",
                "LD_LIBRARY_PATH",
@@ -135,7 +131,7 @@ static void log_env() {
        }
 }
-static void log_distro() {
+static void log_distro(void) {
        const char *paths[] = {
                "/etc/lsb-release",
                "/etc/os-release",
@@ -162,7 +158,7 @@ static void log_distro() {
        }
 }
-static void log_kernel() {
+static void log_kernel(void) {
        FILE *f = popen("uname -a", "r");
        if (!f) {
                wlr_log(WLR_INFO, "Unable to determine kernel version");
@@ -181,28 +177,8 @@ static void log_kernel() {
        pclose(f);
 }
-static void executable_sanity_check() {
-#ifdef __linux__
-                struct stat sb;
-                char *exe = realpath("/proc/self/exe", NULL);
-                stat(exe, &sb);
-                // We assume that cap_get_file returning NULL implies ENODATA
-                if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
-                        wlr_log(WLR_ERROR,
-                                "sway executable has both the s(g)uid bit AND file caps set.");
-                        wlr_log(WLR_ERROR,
-                                "This is strongly discouraged (and completely broken).");
-                        wlr_log(WLR_ERROR,
-                                "Please clear one of them (either the suid bit, or the file caps).");
-                        wlr_log(WLR_ERROR,
-                                "If unsure, strip the file caps.");
-                        exit(EXIT_FAILURE);
-                }
-                free(exe);
-#endif
-}
-static void drop_permissions(bool keep_caps) {
+static void drop_permissions(void) {
        if (getuid() != geteuid() || getgid() != getegid()) {
                if (setgid(getgid()) != 0) {
                        wlr_log(WLR_ERROR, "Unable to drop root");
@@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) {
                wlr_log(WLR_ERROR, "Root privileges can be restored.");
                exit(EXIT_FAILURE);
        }
-#ifdef __linux__
-        if (keep_caps) {
-                // Drop every cap except CAP_SYS_PTRACE
-                cap_t caps = cap_init();
-                cap_value_t keep = CAP_SYS_PTRACE;
-                wlr_log(WLR_INFO, "Dropping extra capabilities");
-                if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) ||
-                        cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) ||
-                        cap_set_proc(caps)) {
-                        wlr_log(WLR_ERROR, "Failed to drop extra capabilities");
-                        exit(EXIT_FAILURE);
-                }
-        }
-#endif
 }
 void enable_debug_flag(const char *flag) {
@@ -279,14 +241,6 @@ int main(int argc, char **argv) {
                "      --get-socketpath   Gets the IPC socket path and prints it, then exits.\n"
                "\n";
-        // Security:
-        unsetenv("LD_PRELOAD");
-#ifdef _LD_LIBRARY_PATH
-        setenv("LD_LIBRARY_PATH", _LD_LIBRARY_PATH, 1);
-#else
-        unsetenv("LD_LIBRARY_PATH");
-#endif
        int c;
        while (1) {
                int option_index = 0;
@@ -347,7 +301,7 @@ int main(int argc, char **argv) {
                        wlr_log(WLR_ERROR, "Don't use options with the IPC client");
                        exit(EXIT_FAILURE);
                }
-                drop_permissions(false);
+                drop_permissions();
                char *socket_path = getenv("SWAYSOCK");
                if (!socket_path) {
                        wlr_log(WLR_ERROR, "Unable to retrieve socket path");
@@ -358,34 +312,17 @@ int main(int argc, char **argv) {
                return 0;
        }
-        executable_sanity_check();
-        bool suid = false;
        if (!server_privileged_prepare(&server)) {
                return 1;
        }
-#if defined(__linux__) || defined(__FreeBSD__)
-        if (getuid() != geteuid() || getgid() != getegid()) {
-#ifdef __linux__
-                // Retain capabilities after setuid()
-                if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
-                        wlr_log(WLR_ERROR, "Cannot keep caps after setuid()");
-                        exit(EXIT_FAILURE);
-                }
-#endif
-                suid = true;
-        }
-#endif
        log_kernel();
        log_distro();
        detect_proprietary();
        detect_raspi();
-#if defined(__linux__) || defined(__FreeBSD__)
+        drop_permissions();
-        drop_permissions(suid);
-#endif
        // handle SIGTERM signals
        signal(SIGTERM, sig_handler);

diff --git a/sway/main.c b/sway/main.c index 990f5f3a..dea4a31c 100644 --- a/sway/main.c +++ b/sway/main.c
@@ -12,10 +12,6 @@
12	#include <sys/wait.h>	12	#include <sys/wait.h>
13	#include <sys/un.h>	13	#include <sys/un.h>
14	#include <unistd.h>	14	#include <unistd.h>
15	#ifdef __linux__
16	#include <sys/capability.h>
17	#include <sys/prctl.h>
18	#endif
19	#include <wlr/util/log.h>	15	#include <wlr/util/log.h>
20	#include "sway/commands.h"	16	#include "sway/commands.h"
21	#include "sway/config.h"	17	#include "sway/config.h"
@@ -45,7 +41,7 @@ void sig_handler(int signal) {
45	sway_terminate(EXIT_SUCCESS);	41	sway_terminate(EXIT_SUCCESS);
46	}	42	}
47		43
48	void detect_raspi() {	44	void detect_raspi(void) {
49	bool raspi = false;	45	bool raspi = false;
50	FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");	46	FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");
51	if (!f) {	47	if (!f) {
@@ -85,7 +81,7 @@ void detect_raspi() {
85	}	81	}
86	}	82	}
87		83
88	void detect_proprietary() {	84	void detect_proprietary(void) {
89	FILE *f = fopen("/proc/modules", "r");	85	FILE *f = fopen("/proc/modules", "r");
90	if (!f) {	86	if (!f) {
91	return;	87	return;
@@ -120,7 +116,7 @@ void run_as_ipc_client(char command, char socket_path) {
120	close(socketfd);	116	close(socketfd);
121	}	117	}
122		118
123	static void log_env() {	119	static void log_env(void) {
124	const char *log_vars[] = {	120	const char *log_vars[] = {
125	"PATH",	121	"PATH",
126	"LD_LIBRARY_PATH",	122	"LD_LIBRARY_PATH",
@@ -135,7 +131,7 @@ static void log_env() {
135	}	131	}
136	}	132	}
137		133
138	static void log_distro() {	134	static void log_distro(void) {
139	const char *paths[] = {	135	const char *paths[] = {
140	"/etc/lsb-release",	136	"/etc/lsb-release",
141	"/etc/os-release",	137	"/etc/os-release",
@@ -162,7 +158,7 @@ static void log_distro() {
162	}	158	}
163	}	159	}
164		160
165	static void log_kernel() {	161	static void log_kernel(void) {
166	FILE *f = popen("uname -a", "r");	162	FILE *f = popen("uname -a", "r");
167	if (!f) {	163	if (!f) {
168	wlr_log(WLR_INFO, "Unable to determine kernel version");	164	wlr_log(WLR_INFO, "Unable to determine kernel version");
@@ -181,28 +177,8 @@ static void log_kernel() {
181	pclose(f);	177	pclose(f);
182	}	178	}
183		179
184	static void executable_sanity_check() {
185	#ifdef __linux__
186	struct stat sb;
187	char *exe = realpath("/proc/self/exe", NULL);
188	stat(exe, &sb);
189	// We assume that cap_get_file returning NULL implies ENODATA
190	if (sb.st_mode & (S_ISUID\|S_ISGID) && cap_get_file(exe)) {
191	wlr_log(WLR_ERROR,
192	"sway executable has both the s(g)uid bit AND file caps set.");
193	wlr_log(WLR_ERROR,
194	"This is strongly discouraged (and completely broken).");
195	wlr_log(WLR_ERROR,
196	"Please clear one of them (either the suid bit, or the file caps).");
197	wlr_log(WLR_ERROR,
198	"If unsure, strip the file caps.");
199	exit(EXIT_FAILURE);
200	}
201	free(exe);
202	#endif
203	}
204		180
205	static void drop_permissions(bool keep_caps) {	181	static void drop_permissions(void) {
206	if (getuid() != geteuid() \|\| getgid() != getegid()) {	182	if (getuid() != geteuid() \|\| getgid() != getegid()) {
207	if (setgid(getgid()) != 0) {	183	if (setgid(getgid()) != 0) {
208	wlr_log(WLR_ERROR, "Unable to drop root");	184	wlr_log(WLR_ERROR, "Unable to drop root");
@@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) {
217	wlr_log(WLR_ERROR, "Root privileges can be restored.");	193	wlr_log(WLR_ERROR, "Root privileges can be restored.");
218	exit(EXIT_FAILURE);	194	exit(EXIT_FAILURE);
219	}	195	}
220	#ifdef __linux__
221	if (keep_caps) {
222	// Drop every cap except CAP_SYS_PTRACE
223	cap_t caps = cap_init();
224	cap_value_t keep = CAP_SYS_PTRACE;
225	wlr_log(WLR_INFO, "Dropping extra capabilities");
226	if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) \|\|
227	cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) \|\|
228	cap_set_proc(caps)) {
229	wlr_log(WLR_ERROR, "Failed to drop extra capabilities");
230	exit(EXIT_FAILURE);
231	}
232	}
233	#endif
234	}	196	}
235		197
236	void enable_debug_flag(const char *flag) {	198	void enable_debug_flag(const char *flag) {
@@ -279,14 +241,6 @@ int main(int argc, char **argv) {
279	" --get-socketpath Gets the IPC socket path and prints it, then exits.\n"	241	" --get-socketpath Gets the IPC socket path and prints it, then exits.\n"
280	"\n";	242	"\n";
281		243
282	// Security:
283	unsetenv("LD_PRELOAD");
284	#ifdef _LD_LIBRARY_PATH
285	setenv("LD_LIBRARY_PATH", _LD_LIBRARY_PATH, 1);
286	#else
287	unsetenv("LD_LIBRARY_PATH");
288	#endif
289
290	int c;	244	int c;
291	while (1) {	245	while (1) {
292	int option_index = 0;	246	int option_index = 0;
@@ -347,7 +301,7 @@ int main(int argc, char **argv) {
347	wlr_log(WLR_ERROR, "Don't use options with the IPC client");	301	wlr_log(WLR_ERROR, "Don't use options with the IPC client");
348	exit(EXIT_FAILURE);	302	exit(EXIT_FAILURE);
349	}	303	}
350	drop_permissions(false);	304	drop_permissions();
351	char *socket_path = getenv("SWAYSOCK");	305	char *socket_path = getenv("SWAYSOCK");
352	if (!socket_path) {	306	if (!socket_path) {
353	wlr_log(WLR_ERROR, "Unable to retrieve socket path");	307	wlr_log(WLR_ERROR, "Unable to retrieve socket path");
@@ -358,34 +312,17 @@ int main(int argc, char **argv) {
358	return 0;	312	return 0;
359	}	313	}
360		314
361	executable_sanity_check();
362	bool suid = false;
363
364	if (!server_privileged_prepare(&server)) {	315	if (!server_privileged_prepare(&server)) {
365	return 1;	316	return 1;
366	}	317	}
367		318
368	#if defined(__linux__) \|\| defined(__FreeBSD__)
369	if (getuid() != geteuid() \|\| getgid() != getegid()) {
370	#ifdef __linux__
371	// Retain capabilities after setuid()
372	if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
373	wlr_log(WLR_ERROR, "Cannot keep caps after setuid()");
374	exit(EXIT_FAILURE);
375	}
376	#endif
377	suid = true;
378	}
379	#endif
380
381	log_kernel();	319	log_kernel();
382	log_distro();	320	log_distro();
383	detect_proprietary();	321	detect_proprietary();
384	detect_raspi();	322	detect_raspi();
385		323
386	#if defined(__linux__) \|\| defined(__FreeBSD__)	324	drop_permissions();
387	drop_permissions(suid);	325
388	#endif
389	// handle SIGTERM signals	326	// handle SIGTERM signals
390	signal(SIGTERM, sig_handler);	327	signal(SIGTERM, sig_handler);
391		328