7 files changed, 14 insertions, 70 deletions
diff --git a/sway/config/seat.c b/sway/config/seat.c
index 83dac4c0..46456caf 100644
--- a/sway/config/seat.c
+++ b/sway/config/seat.c
@@ -30,7 +30,7 @@ struct seat_config *new_seat_config(const char* name) {
        return seat;
 }
-struct seat_attachment_config *seat_attachment_config_new() {
+struct seat_attachment_config *seat_attachment_config_new(void) {
        struct seat_attachment_config *attachment =
                calloc(1, sizeof(struct seat_attachment_config));
        if (!attachment) {
diff --git a/sway/debug-tree.c b/sway/debug-tree.c
index 9644f4e5..16b479f9 100644
--- a/sway/debug-tree.c
+++ b/sway/debug-tree.c
@@ -120,7 +120,7 @@ static int draw_node(cairo_t *cairo, struct sway_node *node,
        return height;
 }
-void update_debug_tree() {
+void update_debug_tree(void) {
        if (!debug.render_tree) {
                return;
        }
diff --git a/sway/input/cursor.c b/sway/input/cursor.c
index 2d5d351f..3ddc27a0 100644
--- a/sway/input/cursor.c
+++ b/sway/input/cursor.c
@@ -30,7 +30,7 @@
 // when dragging to the edge of a layout container.
 #define DROP_LAYOUT_BORDER 30
-static uint32_t get_current_time_msec() {
+static uint32_t get_current_time_msec(void) {
        struct timespec now;
        clock_gettime(CLOCK_MONOTONIC, &now);
        return now.tv_nsec / 1000;
diff --git a/sway/ipc-json.c b/sway/ipc-json.c
index f054ac9f..45915094 100644
--- a/sway/ipc-json.c
+++ b/sway/ipc-json.c
@@ -42,7 +42,7 @@ static const char *ipc_json_orientation_description(enum sway_container_layout l
        return "none";
 }
-json_object *ipc_json_get_version() {
+json_object *ipc_json_get_version(void) {
        int major = 0, minor = 0, patch = 0;
        json_object *version = json_object_new_object();
diff --git a/sway/main.c b/sway/main.c
index 990f5f3a..50b05b21 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -12,10 +12,6 @@
 #include <sys/wait.h>
 #include <sys/un.h>
 #include <unistd.h>
-#ifdef __linux__
-#include <sys/capability.h>
-#include <sys/prctl.h>
-#endif
 #include <wlr/util/log.h>
 #include "sway/commands.h"
 #include "sway/config.h"
@@ -45,7 +41,7 @@ void sig_handler(int signal) {
        sway_terminate(EXIT_SUCCESS);
 }
-void detect_raspi() {
+void detect_raspi(void) {
        bool raspi = false;
        FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");
        if (!f) {
@@ -85,7 +81,7 @@ void detect_raspi() {
        }
 }
-void detect_proprietary() {
+void detect_proprietary(void) {
        FILE *f = fopen("/proc/modules", "r");
        if (!f) {
                return;
@@ -120,7 +116,7 @@ void run_as_ipc_client(char *command, char *socket_path) {
        close(socketfd);
 }
-static void log_env() {
+static void log_env(void) {
        const char *log_vars[] = {
                "PATH",
                "LD_LIBRARY_PATH",
@@ -135,7 +131,7 @@ static void log_env() {
        }
 }
-static void log_distro() {
+static void log_distro(void) {
        const char *paths[] = {
                "/etc/lsb-release",
                "/etc/os-release",
@@ -162,7 +158,7 @@ static void log_distro() {
        }
 }
-static void log_kernel() {
+static void log_kernel(void) {
        FILE *f = popen("uname -a", "r");
        if (!f) {
                wlr_log(WLR_INFO, "Unable to determine kernel version");
@@ -181,28 +177,8 @@ static void log_kernel() {
        pclose(f);
 }
-static void executable_sanity_check() {
-#ifdef __linux__
-                struct stat sb;
-                char *exe = realpath("/proc/self/exe", NULL);
-                stat(exe, &sb);
-                // We assume that cap_get_file returning NULL implies ENODATA
-                if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
-                        wlr_log(WLR_ERROR,
-                                "sway executable has both the s(g)uid bit AND file caps set.");
-                        wlr_log(WLR_ERROR,
-                                "This is strongly discouraged (and completely broken).");
-                        wlr_log(WLR_ERROR,
-                                "Please clear one of them (either the suid bit, or the file caps).");
-                        wlr_log(WLR_ERROR,
-                                "If unsure, strip the file caps.");
-                        exit(EXIT_FAILURE);
-                }
-                free(exe);
-#endif
-}
-static void drop_permissions(bool keep_caps) {
+static void drop_permissions(void) {
        if (getuid() != geteuid() || getgid() != getegid()) {
                if (setgid(getgid()) != 0) {
                        wlr_log(WLR_ERROR, "Unable to drop root");
@@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) {
                wlr_log(WLR_ERROR, "Root privileges can be restored.");
                exit(EXIT_FAILURE);
        }
-#ifdef __linux__
-        if (keep_caps) {
-                // Drop every cap except CAP_SYS_PTRACE
-                cap_t caps = cap_init();
-                cap_value_t keep = CAP_SYS_PTRACE;
-                wlr_log(WLR_INFO, "Dropping extra capabilities");
-                if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) ||
-                        cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) ||
-                        cap_set_proc(caps)) {
-                        wlr_log(WLR_ERROR, "Failed to drop extra capabilities");
-                        exit(EXIT_FAILURE);
-                }
-        }
-#endif
 }
 void enable_debug_flag(const char *flag) {
@@ -347,7 +309,7 @@ int main(int argc, char **argv) {
                        wlr_log(WLR_ERROR, "Don't use options with the IPC client");
                        exit(EXIT_FAILURE);
                }
-                drop_permissions(false);
+                drop_permissions();
                char *socket_path = getenv("SWAYSOCK");
                if (!socket_path) {
                        wlr_log(WLR_ERROR, "Unable to retrieve socket path");
@@ -358,34 +320,17 @@ int main(int argc, char **argv) {
                return 0;
        }
-        executable_sanity_check();
-        bool suid = false;
        if (!server_privileged_prepare(&server)) {
                return 1;
        }
-#if defined(__linux__) || defined(__FreeBSD__)
-        if (getuid() != geteuid() || getgid() != getegid()) {
-#ifdef __linux__
-                // Retain capabilities after setuid()
-                if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
-                        wlr_log(WLR_ERROR, "Cannot keep caps after setuid()");
-                        exit(EXIT_FAILURE);
-                }
-#endif
-                suid = true;
-        }
-#endif
        log_kernel();
        log_distro();
        detect_proprietary();
        detect_raspi();
-#if defined(__linux__) || defined(__FreeBSD__)
+        drop_permissions();
-        drop_permissions(suid);
-#endif
        // handle SIGTERM signals
        signal(SIGTERM, sig_handler);
diff --git a/sway/meson.build b/sway/meson.build
index d67a4c64..0bb0c2d3 100644
--- a/sway/meson.build
+++ b/sway/meson.build
@@ -164,7 +164,6 @@ sway_deps = [
        cairo,
        gdk_pixbuf,
        jsonc,
-        libcap,
        libinput,
        math,
        pango,
diff --git a/sway/tree/container.c b/sway/tree/container.c
index baaa82fd..66370a42 100644
--- a/sway/tree/container.c
+++ b/sway/tree/container.c
@@ -593,7 +593,7 @@ void container_update_representation(struct sway_container *con) {
        }
 }
-size_t container_titlebar_height() {
+size_t container_titlebar_height(void) {
        return config->font_height + TITLEBAR_V_PADDING * 2;
 }

diff --git a/sway/config/seat.c b/sway/config/seat.c index 83dac4c0..46456caf 100644 --- a/sway/config/seat.c +++ b/sway/config/seat.c
@@ -30,7 +30,7 @@ struct seat_config new_seat_config(const char name) {
30	return seat;	30	return seat;
31	}	31	}
32		32
33	struct seat_attachment_config *seat_attachment_config_new() {	33	struct seat_attachment_config *seat_attachment_config_new(void) {
34	struct seat_attachment_config *attachment =	34	struct seat_attachment_config *attachment =
35	calloc(1, sizeof(struct seat_attachment_config));	35	calloc(1, sizeof(struct seat_attachment_config));
36	if (!attachment) {	36	if (!attachment) {


diff --git a/sway/debug-tree.c b/sway/debug-tree.c index 9644f4e5..16b479f9 100644 --- a/sway/debug-tree.c +++ b/sway/debug-tree.c
@@ -120,7 +120,7 @@ static int draw_node(cairo_t cairo, struct sway_node node,
120	return height;	120	return height;
121	}	121	}
122		122
123	void update_debug_tree() {	123	void update_debug_tree(void) {
124	if (!debug.render_tree) {	124	if (!debug.render_tree) {
125	return;	125	return;
126	}	126	}


diff --git a/sway/input/cursor.c b/sway/input/cursor.c index 2d5d351f..3ddc27a0 100644 --- a/sway/input/cursor.c +++ b/sway/input/cursor.c
@@ -30,7 +30,7 @@
30	// when dragging to the edge of a layout container.	30	// when dragging to the edge of a layout container.
31	#define DROP_LAYOUT_BORDER 30	31	#define DROP_LAYOUT_BORDER 30
32		32
33	static uint32_t get_current_time_msec() {	33	static uint32_t get_current_time_msec(void) {
34	struct timespec now;	34	struct timespec now;
35	clock_gettime(CLOCK_MONOTONIC, &now);	35	clock_gettime(CLOCK_MONOTONIC, &now);
36	return now.tv_nsec / 1000;	36	return now.tv_nsec / 1000;


diff --git a/sway/ipc-json.c b/sway/ipc-json.c index f054ac9f..45915094 100644 --- a/sway/ipc-json.c +++ b/sway/ipc-json.c
@@ -42,7 +42,7 @@ static const char *ipc_json_orientation_description(enum sway_container_layout l
42	return "none";	42	return "none";
43	}	43	}
44		44
45	json_object *ipc_json_get_version() {	45	json_object *ipc_json_get_version(void) {
46	int major = 0, minor = 0, patch = 0;	46	int major = 0, minor = 0, patch = 0;
47	json_object *version = json_object_new_object();	47	json_object *version = json_object_new_object();
48		48


diff --git a/sway/main.c b/sway/main.c index 990f5f3a..50b05b21 100644 --- a/sway/main.c +++ b/sway/main.c
@@ -12,10 +12,6 @@
12	#include <sys/wait.h>	12	#include <sys/wait.h>
13	#include <sys/un.h>	13	#include <sys/un.h>
14	#include <unistd.h>	14	#include <unistd.h>
15	#ifdef __linux__
16	#include <sys/capability.h>
17	#include <sys/prctl.h>
18	#endif
19	#include <wlr/util/log.h>	15	#include <wlr/util/log.h>
20	#include "sway/commands.h"	16	#include "sway/commands.h"
21	#include "sway/config.h"	17	#include "sway/config.h"
@@ -45,7 +41,7 @@ void sig_handler(int signal) {
45	sway_terminate(EXIT_SUCCESS);	41	sway_terminate(EXIT_SUCCESS);
46	}	42	}
47		43
48	void detect_raspi() {	44	void detect_raspi(void) {
49	bool raspi = false;	45	bool raspi = false;
50	FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");	46	FILE *f = fopen("/sys/firmware/devicetree/base/model", "r");
51	if (!f) {	47	if (!f) {
@@ -85,7 +81,7 @@ void detect_raspi() {
85	}	81	}
86	}	82	}
87		83
88	void detect_proprietary() {	84	void detect_proprietary(void) {
89	FILE *f = fopen("/proc/modules", "r");	85	FILE *f = fopen("/proc/modules", "r");
90	if (!f) {	86	if (!f) {
91	return;	87	return;
@@ -120,7 +116,7 @@ void run_as_ipc_client(char command, char socket_path) {
120	close(socketfd);	116	close(socketfd);
121	}	117	}
122		118
123	static void log_env() {	119	static void log_env(void) {
124	const char *log_vars[] = {	120	const char *log_vars[] = {
125	"PATH",	121	"PATH",
126	"LD_LIBRARY_PATH",	122	"LD_LIBRARY_PATH",
@@ -135,7 +131,7 @@ static void log_env() {
135	}	131	}
136	}	132	}
137		133
138	static void log_distro() {	134	static void log_distro(void) {
139	const char *paths[] = {	135	const char *paths[] = {
140	"/etc/lsb-release",	136	"/etc/lsb-release",
141	"/etc/os-release",	137	"/etc/os-release",
@@ -162,7 +158,7 @@ static void log_distro() {
162	}	158	}
163	}	159	}
164		160
165	static void log_kernel() {	161	static void log_kernel(void) {
166	FILE *f = popen("uname -a", "r");	162	FILE *f = popen("uname -a", "r");
167	if (!f) {	163	if (!f) {
168	wlr_log(WLR_INFO, "Unable to determine kernel version");	164	wlr_log(WLR_INFO, "Unable to determine kernel version");
@@ -181,28 +177,8 @@ static void log_kernel() {
181	pclose(f);	177	pclose(f);
182	}	178	}
183		179
184	static void executable_sanity_check() {
185	#ifdef __linux__
186	struct stat sb;
187	char *exe = realpath("/proc/self/exe", NULL);
188	stat(exe, &sb);
189	// We assume that cap_get_file returning NULL implies ENODATA
190	if (sb.st_mode & (S_ISUID\|S_ISGID) && cap_get_file(exe)) {
191	wlr_log(WLR_ERROR,
192	"sway executable has both the s(g)uid bit AND file caps set.");
193	wlr_log(WLR_ERROR,
194	"This is strongly discouraged (and completely broken).");
195	wlr_log(WLR_ERROR,
196	"Please clear one of them (either the suid bit, or the file caps).");
197	wlr_log(WLR_ERROR,
198	"If unsure, strip the file caps.");
199	exit(EXIT_FAILURE);
200	}
201	free(exe);
202	#endif
203	}
204		180
205	static void drop_permissions(bool keep_caps) {	181	static void drop_permissions(void) {
206	if (getuid() != geteuid() \|\| getgid() != getegid()) {	182	if (getuid() != geteuid() \|\| getgid() != getegid()) {
207	if (setgid(getgid()) != 0) {	183	if (setgid(getgid()) != 0) {
208	wlr_log(WLR_ERROR, "Unable to drop root");	184	wlr_log(WLR_ERROR, "Unable to drop root");
@@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) {
217	wlr_log(WLR_ERROR, "Root privileges can be restored.");	193	wlr_log(WLR_ERROR, "Root privileges can be restored.");
218	exit(EXIT_FAILURE);	194	exit(EXIT_FAILURE);
219	}	195	}
220	#ifdef __linux__
221	if (keep_caps) {
222	// Drop every cap except CAP_SYS_PTRACE
223	cap_t caps = cap_init();
224	cap_value_t keep = CAP_SYS_PTRACE;
225	wlr_log(WLR_INFO, "Dropping extra capabilities");
226	if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) \|\|
227	cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) \|\|
228	cap_set_proc(caps)) {
229	wlr_log(WLR_ERROR, "Failed to drop extra capabilities");
230	exit(EXIT_FAILURE);
231	}
232	}
233	#endif
234	}	196	}
235		197
236	void enable_debug_flag(const char *flag) {	198	void enable_debug_flag(const char *flag) {
@@ -347,7 +309,7 @@ int main(int argc, char **argv) {
347	wlr_log(WLR_ERROR, "Don't use options with the IPC client");	309	wlr_log(WLR_ERROR, "Don't use options with the IPC client");
348	exit(EXIT_FAILURE);	310	exit(EXIT_FAILURE);
349	}	311	}
350	drop_permissions(false);	312	drop_permissions();
351	char *socket_path = getenv("SWAYSOCK");	313	char *socket_path = getenv("SWAYSOCK");
352	if (!socket_path) {	314	if (!socket_path) {
353	wlr_log(WLR_ERROR, "Unable to retrieve socket path");	315	wlr_log(WLR_ERROR, "Unable to retrieve socket path");
@@ -358,34 +320,17 @@ int main(int argc, char **argv) {
358	return 0;	320	return 0;
359	}	321	}
360		322
361	executable_sanity_check();
362	bool suid = false;
363
364	if (!server_privileged_prepare(&server)) {	323	if (!server_privileged_prepare(&server)) {
365	return 1;	324	return 1;
366	}	325	}
367		326
368	#if defined(__linux__) \|\| defined(__FreeBSD__)
369	if (getuid() != geteuid() \|\| getgid() != getegid()) {
370	#ifdef __linux__
371	// Retain capabilities after setuid()
372	if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
373	wlr_log(WLR_ERROR, "Cannot keep caps after setuid()");
374	exit(EXIT_FAILURE);
375	}
376	#endif
377	suid = true;
378	}
379	#endif
380
381	log_kernel();	327	log_kernel();
382	log_distro();	328	log_distro();
383	detect_proprietary();	329	detect_proprietary();
384	detect_raspi();	330	detect_raspi();
385		331
386	#if defined(__linux__) \|\| defined(__FreeBSD__)	332	drop_permissions();
387	drop_permissions(suid);	333
388	#endif
389	// handle SIGTERM signals	334	// handle SIGTERM signals
390	signal(SIGTERM, sig_handler);	335	signal(SIGTERM, sig_handler);
391		336


diff --git a/sway/meson.build b/sway/meson.build index d67a4c64..0bb0c2d3 100644 --- a/sway/meson.build +++ b/sway/meson.build
@@ -164,7 +164,6 @@ sway_deps = [
164	cairo,	164	cairo,
165	gdk_pixbuf,	165	gdk_pixbuf,
166	jsonc,	166	jsonc,
167	libcap,
168	libinput,	167	libinput,
169	math,	168	math,
170	pango,	169	pango,


diff --git a/sway/tree/container.c b/sway/tree/container.c index baaa82fd..66370a42 100644 --- a/sway/tree/container.c +++ b/sway/tree/container.c
@@ -593,7 +593,7 @@ void container_update_representation(struct sway_container *con) {
593	}	593	}
594	}	594	}
595		595
596	size_t container_titlebar_height() {	596	size_t container_titlebar_height(void) {
597	return config->font_height + TITLEBAR_V_PADDING * 2;	597	return config->font_height + TITLEBAR_V_PADDING * 2;
598	}	598	}
599		599