Merge pull request #1218 from Hummer12007/suicaps

Terminate when both suid bit and filecaps are set
master
Drew DeVault 8 years ago committed by GitHub
commit 6df0f9a7e4

@ -124,38 +124,38 @@ uint32_t parse_color(const char *color) {
} }
char* resolve_path(const char* path) { char* resolve_path(const char* path) {
struct stat sb; struct stat sb;
ssize_t r; ssize_t r;
int i; int i;
char *current = NULL; char *current = NULL;
char *resolved = NULL; char *resolved = NULL;
if(!(current = strdup(path))) { if(!(current = strdup(path))) {
return NULL; return NULL;
} }
for (i = 0; i < 16; ++i) { for (i = 0; i < 16; ++i) {
if (lstat(current, &sb) == -1) { if (lstat(current, &sb) == -1) {
goto failed; goto failed;
} }
if((sb.st_mode & S_IFMT) != S_IFLNK) { if((sb.st_mode & S_IFMT) != S_IFLNK) {
return current; return current;
} }
if (!(resolved = malloc(sb.st_size + 1))) { if (!(resolved = malloc(sb.st_size + 1))) {
goto failed; goto failed;
} }
r = readlink(current, resolved, sb.st_size); r = readlink(current, resolved, sb.st_size);
if (r == -1 || r > sb.st_size) { if (r == -1 || r > sb.st_size) {
goto failed; goto failed;
} }
resolved[r] = '\0'; resolved[r] = '\0';
free(current); free(current);
current = strdup(resolved); current = strdup(resolved);
free(resolved); free(resolved);
resolved = NULL; resolved = NULL;
} }
failed: failed:
free(resolved); free(resolved);
free(current); free(current);
return NULL; return NULL;
} }

@ -27,6 +27,7 @@
#include "stringop.h" #include "stringop.h"
#include "sway.h" #include "sway.h"
#include "log.h" #include "log.h"
#include "util.h"
static bool terminate_request = false; static bool terminate_request = false;
static int exit_value = 0; static int exit_value = 0;
@ -209,6 +210,27 @@ static void security_sanity_check() {
#endif #endif
} }
static void executable_sanity_check() {
#ifdef __linux__
struct stat sb;
char *exe = realpath("/proc/self/exe", NULL);
stat(exe, &sb);
// We assume that cap_get_file returning NULL implies ENODATA
if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
sway_log(L_ERROR,
"sway executable has both the s(g)uid bit AND file caps set.");
sway_log(L_ERROR,
"This is strongly discouraged (and completely broken).");
sway_log(L_ERROR,
"Please clear one of them (either the suid bit, or the file caps).");
sway_log(L_ERROR,
"If unsure, strip the file caps.");
exit(EXIT_FAILURE);
}
free(exe);
#endif
}
int main(int argc, char **argv) { int main(int argc, char **argv) {
static int verbose = 0, debug = 0, validate = 0; static int verbose = 0, debug = 0, validate = 0;
@ -288,6 +310,15 @@ int main(int argc, char **argv) {
} }
} }
// we need to setup logging before wlc_init in case it fails.
if (debug) {
init_log(L_DEBUG);
} else if (verbose || validate) {
init_log(L_INFO);
} else {
init_log(L_ERROR);
}
if (optind < argc) { // Behave as IPC client if (optind < argc) { // Behave as IPC client
if(optind != 1) { if(optind != 1) {
sway_log(L_ERROR, "Don't use options with the IPC client"); sway_log(L_ERROR, "Don't use options with the IPC client");
@ -317,6 +348,7 @@ int main(int argc, char **argv) {
return 0; return 0;
} }
executable_sanity_check();
#ifdef __linux__ #ifdef __linux__
bool suid = false; bool suid = false;
if (getuid() != geteuid() || getgid() != getegid()) { if (getuid() != geteuid() || getgid() != getegid()) {
@ -329,14 +361,6 @@ int main(int argc, char **argv) {
} }
#endif #endif
// we need to setup logging before wlc_init in case it fails.
if (debug) {
init_log(L_DEBUG);
} else if (verbose || validate) {
init_log(L_INFO);
} else {
init_log(L_ERROR);
}
wlc_log_set_handler(wlc_log_handler); wlc_log_set_handler(wlc_log_handler);
log_kernel(); log_kernel();
log_distro(); log_distro();

Loading…
Cancel
Save