Diffstat (limited to 'sway/main.c')
-rw-r--r--sway/main.c44
1 files changed, 13 insertions, 31 deletions
diff --git a/sway/main.c b/sway/main.c
index a0033c45..a46e5231 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -150,27 +150,17 @@ static void log_kernel(void) {
150 pclose(f); 150 pclose(f);
151} 151}
152 152
153 153static bool detect_suid(void) {
154static bool drop_permissions(void) { 154 if (geteuid() != 0 && getegid() != 0) {
155 if (getuid() != geteuid() || getgid() != getegid()) { 155 return false;
156 sway_log(SWAY_ERROR, "!!! DEPRECATION WARNING: "
157 "SUID privilege drop will be removed in a future release, please migrate to seatd-launch");
158
159 // Set the gid and uid in the correct order.
160 if (setgid(getgid()) != 0) {
161 sway_log(SWAY_ERROR, "Unable to drop root group, refusing to start");
162 return false;
163 }
164 if (setuid(getuid()) != 0) {
165 sway_log(SWAY_ERROR, "Unable to drop root user, refusing to start");
166 return false;
167 }
168 } 156 }
169 if (setgid(0) != -1 || setuid(0) != -1) { 157
170 sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to " 158 if (getuid() == geteuid() && getgid() == getegid()) {
171 "restore it after setuid), refusing to start");
172 return false; 159 return false;
173 } 160 }
161
162 sway_log(SWAY_ERROR, "SUID operation is no longer supported, refusing to start. "
163 "This check will be removed in a future release.");
174 return true; 164 return true;
175} 165}
176 166
@@ -319,6 +309,11 @@ int main(int argc, char **argv) {
319 } 309 }
320 } 310 }
321 311
312 // SUID operation is deprecated, so block it for now.
313 if (detect_suid()) {
314 exit(EXIT_FAILURE);
315 }
316
322 // Since wayland requires XDG_RUNTIME_DIR to be set, abort with just the 317 // Since wayland requires XDG_RUNTIME_DIR to be set, abort with just the
323 // clear error message (when not running as an IPC client). 318 // clear error message (when not running as an IPC client).
324 if (!getenv("XDG_RUNTIME_DIR") && optind == argc) { 319 if (!getenv("XDG_RUNTIME_DIR") && optind == argc) {
@@ -357,9 +352,6 @@ int main(int argc, char **argv) {
357 "`sway -d 2>sway.log`."); 352 "`sway -d 2>sway.log`.");
358 exit(EXIT_FAILURE); 353 exit(EXIT_FAILURE);
359 } 354 }
360 if (!drop_permissions()) {
361 exit(EXIT_FAILURE);
362 }
363 char *socket_path = getenv("SWAYSOCK"); 355 char *socket_path = getenv("SWAYSOCK");
364 if (!socket_path) { 356 if (!socket_path) {
365 sway_log(SWAY_ERROR, "Unable to retrieve socket path"); 357 sway_log(SWAY_ERROR, "Unable to retrieve socket path");
@@ -372,16 +364,6 @@ int main(int argc, char **argv) {
372 } 364 }
373 365
374 detect_proprietary(allow_unsupported_gpu); 366 detect_proprietary(allow_unsupported_gpu);
375
376 if (!server_privileged_prepare(&server)) {
377 return 1;
378 }
379
380 if (!drop_permissions()) {
381 server_fini(&server);
382 exit(EXIT_FAILURE);
383 }
384
385 increase_nofile_limit(); 367 increase_nofile_limit();
386 368
387 // handle SIGTERM signals 369 // handle SIGTERM signals
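Review bot: In detect_suid() the first guard, `if (geteuid() != 0 && getegid() != 0)`, returns false whenever neither effective ID is 0, so a binary installed setuid or setgid to a non-root account is not refused even though its real and effective IDs differ. If the intent is to reject every set-ID start, the second comparison alone (`if (getuid() == geteuid() && getgid() == getegid()) return false;`) is enough; if only root matters, say so in a comment such as `// Only set-ID root is rejected; other set-ID installs are not detected.` The call in main() at new line 313 appears to sit after option handling (main's body starts outside the hunks), so moving it to the top of main() would keep argument parsing from running with elevated IDs, provided sway_log is usable that early. Because the privilege drop is removed in the same commit, the message "This check will be removed in a future release" deserves a comment next to it noting that a set-ID root install would then run entirely as root.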