diff options
Diffstat (limited to 'sway')
-rw-r--r-- | sway/main.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/sway/main.c b/sway/main.c index a040cec9..4704f900 100644 --- a/sway/main.c +++ b/sway/main.c | |||
@@ -4,6 +4,7 @@ | |||
4 | #include <wlc/wlc.h> | 4 | #include <wlc/wlc.h> |
5 | #include <sys/wait.h> | 5 | #include <sys/wait.h> |
6 | #include <sys/types.h> | 6 | #include <sys/types.h> |
7 | #include <sys/stat.h> | ||
7 | #include <sys/un.h> | 8 | #include <sys/un.h> |
8 | #include <signal.h> | 9 | #include <signal.h> |
9 | #include <unistd.h> | 10 | #include <unistd.h> |
@@ -142,6 +143,27 @@ static void log_kernel() { | |||
142 | fclose(f); | 143 | fclose(f); |
143 | } | 144 | } |
144 | 145 | ||
146 | static void security_sanity_check() { | ||
147 | // TODO: Notify users visually if this has issues | ||
148 | struct stat s = {0}; | ||
149 | if (stat("/proc", &s)) { | ||
150 | sway_log(L_ERROR, | ||
151 | "!! DANGER !! /proc is not available - sway CANNOT enforce security rules!"); | ||
152 | } | ||
153 | if (!stat(SYSCONFDIR "/sway", &s)) { | ||
154 | if (s.st_uid != 0 || s.st_gid != 0 || s.st_mode != 00755) { | ||
155 | sway_log(L_ERROR, | ||
156 | "!! DANGER !! " SYSCONFDIR "/sway is not secure! It should be owned by root and set to 0755"); | ||
157 | } | ||
158 | } | ||
159 | // TODO: check that these command policies are set | ||
160 | // reload bindsym | ||
161 | // restart bindsym | ||
162 | // permit config | ||
163 | // reject config | ||
164 | // ipc config | ||
165 | } | ||
166 | |||
145 | int main(int argc, char **argv) { | 167 | int main(int argc, char **argv) { |
146 | static int verbose = 0, debug = 0, validate = 0; | 168 | static int verbose = 0, debug = 0, validate = 0; |
147 | 169 | ||
@@ -256,6 +278,7 @@ int main(int argc, char **argv) { | |||
256 | } | 278 | } |
257 | wlc_log_set_handler(wlc_log_handler); | 279 | wlc_log_set_handler(wlc_log_handler); |
258 | detect_proprietary(); | 280 | detect_proprietary(); |
281 | security_sanity_check(); | ||
259 | 282 | ||
260 | input_devices = create_list(); | 283 | input_devices = create_list(); |
261 | 284 | ||