diff options
Diffstat (limited to 'sway')
-rw-r--r-- | sway/config/seat.c | 2 | ||||
-rw-r--r-- | sway/debug-tree.c | 2 | ||||
-rw-r--r-- | sway/input/cursor.c | 2 | ||||
-rw-r--r-- | sway/ipc-json.c | 2 | ||||
-rw-r--r-- | sway/main.c | 73 | ||||
-rw-r--r-- | sway/meson.build | 1 | ||||
-rw-r--r-- | sway/tree/container.c | 2 |
7 files changed, 14 insertions, 70 deletions
diff --git a/sway/config/seat.c b/sway/config/seat.c index 83dac4c0..46456caf 100644 --- a/sway/config/seat.c +++ b/sway/config/seat.c | |||
@@ -30,7 +30,7 @@ struct seat_config *new_seat_config(const char* name) { | |||
30 | return seat; | 30 | return seat; |
31 | } | 31 | } |
32 | 32 | ||
33 | struct seat_attachment_config *seat_attachment_config_new() { | 33 | struct seat_attachment_config *seat_attachment_config_new(void) { |
34 | struct seat_attachment_config *attachment = | 34 | struct seat_attachment_config *attachment = |
35 | calloc(1, sizeof(struct seat_attachment_config)); | 35 | calloc(1, sizeof(struct seat_attachment_config)); |
36 | if (!attachment) { | 36 | if (!attachment) { |
diff --git a/sway/debug-tree.c b/sway/debug-tree.c index 9644f4e5..16b479f9 100644 --- a/sway/debug-tree.c +++ b/sway/debug-tree.c | |||
@@ -120,7 +120,7 @@ static int draw_node(cairo_t *cairo, struct sway_node *node, | |||
120 | return height; | 120 | return height; |
121 | } | 121 | } |
122 | 122 | ||
123 | void update_debug_tree() { | 123 | void update_debug_tree(void) { |
124 | if (!debug.render_tree) { | 124 | if (!debug.render_tree) { |
125 | return; | 125 | return; |
126 | } | 126 | } |
diff --git a/sway/input/cursor.c b/sway/input/cursor.c index 2d5d351f..3ddc27a0 100644 --- a/sway/input/cursor.c +++ b/sway/input/cursor.c | |||
@@ -30,7 +30,7 @@ | |||
30 | // when dragging to the edge of a layout container. | 30 | // when dragging to the edge of a layout container. |
31 | #define DROP_LAYOUT_BORDER 30 | 31 | #define DROP_LAYOUT_BORDER 30 |
32 | 32 | ||
33 | static uint32_t get_current_time_msec() { | 33 | static uint32_t get_current_time_msec(void) { |
34 | struct timespec now; | 34 | struct timespec now; |
35 | clock_gettime(CLOCK_MONOTONIC, &now); | 35 | clock_gettime(CLOCK_MONOTONIC, &now); |
36 | return now.tv_nsec / 1000; | 36 | return now.tv_nsec / 1000; |
diff --git a/sway/ipc-json.c b/sway/ipc-json.c index f054ac9f..45915094 100644 --- a/sway/ipc-json.c +++ b/sway/ipc-json.c | |||
@@ -42,7 +42,7 @@ static const char *ipc_json_orientation_description(enum sway_container_layout l | |||
42 | return "none"; | 42 | return "none"; |
43 | } | 43 | } |
44 | 44 | ||
45 | json_object *ipc_json_get_version() { | 45 | json_object *ipc_json_get_version(void) { |
46 | int major = 0, minor = 0, patch = 0; | 46 | int major = 0, minor = 0, patch = 0; |
47 | json_object *version = json_object_new_object(); | 47 | json_object *version = json_object_new_object(); |
48 | 48 | ||
diff --git a/sway/main.c b/sway/main.c index 990f5f3a..50b05b21 100644 --- a/sway/main.c +++ b/sway/main.c | |||
@@ -12,10 +12,6 @@ | |||
12 | #include <sys/wait.h> | 12 | #include <sys/wait.h> |
13 | #include <sys/un.h> | 13 | #include <sys/un.h> |
14 | #include <unistd.h> | 14 | #include <unistd.h> |
15 | #ifdef __linux__ | ||
16 | #include <sys/capability.h> | ||
17 | #include <sys/prctl.h> | ||
18 | #endif | ||
19 | #include <wlr/util/log.h> | 15 | #include <wlr/util/log.h> |
20 | #include "sway/commands.h" | 16 | #include "sway/commands.h" |
21 | #include "sway/config.h" | 17 | #include "sway/config.h" |
@@ -45,7 +41,7 @@ void sig_handler(int signal) { | |||
45 | sway_terminate(EXIT_SUCCESS); | 41 | sway_terminate(EXIT_SUCCESS); |
46 | } | 42 | } |
47 | 43 | ||
48 | void detect_raspi() { | 44 | void detect_raspi(void) { |
49 | bool raspi = false; | 45 | bool raspi = false; |
50 | FILE *f = fopen("/sys/firmware/devicetree/base/model", "r"); | 46 | FILE *f = fopen("/sys/firmware/devicetree/base/model", "r"); |
51 | if (!f) { | 47 | if (!f) { |
@@ -85,7 +81,7 @@ void detect_raspi() { | |||
85 | } | 81 | } |
86 | } | 82 | } |
87 | 83 | ||
88 | void detect_proprietary() { | 84 | void detect_proprietary(void) { |
89 | FILE *f = fopen("/proc/modules", "r"); | 85 | FILE *f = fopen("/proc/modules", "r"); |
90 | if (!f) { | 86 | if (!f) { |
91 | return; | 87 | return; |
@@ -120,7 +116,7 @@ void run_as_ipc_client(char *command, char *socket_path) { | |||
120 | close(socketfd); | 116 | close(socketfd); |
121 | } | 117 | } |
122 | 118 | ||
123 | static void log_env() { | 119 | static void log_env(void) { |
124 | const char *log_vars[] = { | 120 | const char *log_vars[] = { |
125 | "PATH", | 121 | "PATH", |
126 | "LD_LIBRARY_PATH", | 122 | "LD_LIBRARY_PATH", |
@@ -135,7 +131,7 @@ static void log_env() { | |||
135 | } | 131 | } |
136 | } | 132 | } |
137 | 133 | ||
138 | static void log_distro() { | 134 | static void log_distro(void) { |
139 | const char *paths[] = { | 135 | const char *paths[] = { |
140 | "/etc/lsb-release", | 136 | "/etc/lsb-release", |
141 | "/etc/os-release", | 137 | "/etc/os-release", |
@@ -162,7 +158,7 @@ static void log_distro() { | |||
162 | } | 158 | } |
163 | } | 159 | } |
164 | 160 | ||
165 | static void log_kernel() { | 161 | static void log_kernel(void) { |
166 | FILE *f = popen("uname -a", "r"); | 162 | FILE *f = popen("uname -a", "r"); |
167 | if (!f) { | 163 | if (!f) { |
168 | wlr_log(WLR_INFO, "Unable to determine kernel version"); | 164 | wlr_log(WLR_INFO, "Unable to determine kernel version"); |
@@ -181,28 +177,8 @@ static void log_kernel() { | |||
181 | pclose(f); | 177 | pclose(f); |
182 | } | 178 | } |
183 | 179 | ||
184 | static void executable_sanity_check() { | ||
185 | #ifdef __linux__ | ||
186 | struct stat sb; | ||
187 | char *exe = realpath("/proc/self/exe", NULL); | ||
188 | stat(exe, &sb); | ||
189 | // We assume that cap_get_file returning NULL implies ENODATA | ||
190 | if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) { | ||
191 | wlr_log(WLR_ERROR, | ||
192 | "sway executable has both the s(g)uid bit AND file caps set."); | ||
193 | wlr_log(WLR_ERROR, | ||
194 | "This is strongly discouraged (and completely broken)."); | ||
195 | wlr_log(WLR_ERROR, | ||
196 | "Please clear one of them (either the suid bit, or the file caps)."); | ||
197 | wlr_log(WLR_ERROR, | ||
198 | "If unsure, strip the file caps."); | ||
199 | exit(EXIT_FAILURE); | ||
200 | } | ||
201 | free(exe); | ||
202 | #endif | ||
203 | } | ||
204 | 180 | ||
205 | static void drop_permissions(bool keep_caps) { | 181 | static void drop_permissions(void) { |
206 | if (getuid() != geteuid() || getgid() != getegid()) { | 182 | if (getuid() != geteuid() || getgid() != getegid()) { |
207 | if (setgid(getgid()) != 0) { | 183 | if (setgid(getgid()) != 0) { |
208 | wlr_log(WLR_ERROR, "Unable to drop root"); | 184 | wlr_log(WLR_ERROR, "Unable to drop root"); |
@@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) { | |||
217 | wlr_log(WLR_ERROR, "Root privileges can be restored."); | 193 | wlr_log(WLR_ERROR, "Root privileges can be restored."); |
218 | exit(EXIT_FAILURE); | 194 | exit(EXIT_FAILURE); |
219 | } | 195 | } |
220 | #ifdef __linux__ | ||
221 | if (keep_caps) { | ||
222 | // Drop every cap except CAP_SYS_PTRACE | ||
223 | cap_t caps = cap_init(); | ||
224 | cap_value_t keep = CAP_SYS_PTRACE; | ||
225 | wlr_log(WLR_INFO, "Dropping extra capabilities"); | ||
226 | if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) || | ||
227 | cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) || | ||
228 | cap_set_proc(caps)) { | ||
229 | wlr_log(WLR_ERROR, "Failed to drop extra capabilities"); | ||
230 | exit(EXIT_FAILURE); | ||
231 | } | ||
232 | } | ||
233 | #endif | ||
234 | } | 196 | } |
235 | 197 | ||
236 | void enable_debug_flag(const char *flag) { | 198 | void enable_debug_flag(const char *flag) { |
@@ -347,7 +309,7 @@ int main(int argc, char **argv) { | |||
347 | wlr_log(WLR_ERROR, "Don't use options with the IPC client"); | 309 | wlr_log(WLR_ERROR, "Don't use options with the IPC client"); |
348 | exit(EXIT_FAILURE); | 310 | exit(EXIT_FAILURE); |
349 | } | 311 | } |
350 | drop_permissions(false); | 312 | drop_permissions(); |
351 | char *socket_path = getenv("SWAYSOCK"); | 313 | char *socket_path = getenv("SWAYSOCK"); |
352 | if (!socket_path) { | 314 | if (!socket_path) { |
353 | wlr_log(WLR_ERROR, "Unable to retrieve socket path"); | 315 | wlr_log(WLR_ERROR, "Unable to retrieve socket path"); |
@@ -358,34 +320,17 @@ int main(int argc, char **argv) { | |||
358 | return 0; | 320 | return 0; |
359 | } | 321 | } |
360 | 322 | ||
361 | executable_sanity_check(); | ||
362 | bool suid = false; | ||
363 | |||
364 | if (!server_privileged_prepare(&server)) { | 323 | if (!server_privileged_prepare(&server)) { |
365 | return 1; | 324 | return 1; |
366 | } | 325 | } |
367 | 326 | ||
368 | #if defined(__linux__) || defined(__FreeBSD__) | ||
369 | if (getuid() != geteuid() || getgid() != getegid()) { | ||
370 | #ifdef __linux__ | ||
371 | // Retain capabilities after setuid() | ||
372 | if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) { | ||
373 | wlr_log(WLR_ERROR, "Cannot keep caps after setuid()"); | ||
374 | exit(EXIT_FAILURE); | ||
375 | } | ||
376 | #endif | ||
377 | suid = true; | ||
378 | } | ||
379 | #endif | ||
380 | |||
381 | log_kernel(); | 327 | log_kernel(); |
382 | log_distro(); | 328 | log_distro(); |
383 | detect_proprietary(); | 329 | detect_proprietary(); |
384 | detect_raspi(); | 330 | detect_raspi(); |
385 | 331 | ||
386 | #if defined(__linux__) || defined(__FreeBSD__) | 332 | drop_permissions(); |
387 | drop_permissions(suid); | 333 | |
388 | #endif | ||
389 | // handle SIGTERM signals | 334 | // handle SIGTERM signals |
390 | signal(SIGTERM, sig_handler); | 335 | signal(SIGTERM, sig_handler); |
391 | 336 | ||
diff --git a/sway/meson.build b/sway/meson.build index d67a4c64..0bb0c2d3 100644 --- a/sway/meson.build +++ b/sway/meson.build | |||
@@ -164,7 +164,6 @@ sway_deps = [ | |||
164 | cairo, | 164 | cairo, |
165 | gdk_pixbuf, | 165 | gdk_pixbuf, |
166 | jsonc, | 166 | jsonc, |
167 | libcap, | ||
168 | libinput, | 167 | libinput, |
169 | math, | 168 | math, |
170 | pango, | 169 | pango, |
diff --git a/sway/tree/container.c b/sway/tree/container.c index baaa82fd..66370a42 100644 --- a/sway/tree/container.c +++ b/sway/tree/container.c | |||
@@ -593,7 +593,7 @@ void container_update_representation(struct sway_container *con) { | |||
593 | } | 593 | } |
594 | } | 594 | } |
595 | 595 | ||
596 | size_t container_titlebar_height() { | 596 | size_t container_titlebar_height(void) { |
597 | return config->font_height + TITLEBAR_V_PADDING * 2; | 597 | return config->font_height + TITLEBAR_V_PADDING * 2; |
598 | } | 598 | } |
599 | 599 | ||