|
|
@ -27,6 +27,7 @@
|
|
|
|
#include "stringop.h"
|
|
|
|
#include "stringop.h"
|
|
|
|
#include "sway.h"
|
|
|
|
#include "sway.h"
|
|
|
|
#include "log.h"
|
|
|
|
#include "log.h"
|
|
|
|
|
|
|
|
#include "util.h"
|
|
|
|
|
|
|
|
|
|
|
|
static bool terminate_request = false;
|
|
|
|
static bool terminate_request = false;
|
|
|
|
static int exit_value = 0;
|
|
|
|
static int exit_value = 0;
|
|
|
@ -209,6 +210,27 @@ static void security_sanity_check() {
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void executable_sanity_check() {
|
|
|
|
|
|
|
|
#ifdef __linux__
|
|
|
|
|
|
|
|
struct stat sb;
|
|
|
|
|
|
|
|
char *exe = realpath("/proc/self/exe", NULL);
|
|
|
|
|
|
|
|
stat(exe, &sb);
|
|
|
|
|
|
|
|
// We assume that cap_get_file returning NULL implies ENODATA
|
|
|
|
|
|
|
|
if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
|
|
|
|
|
|
|
|
sway_log(L_ERROR,
|
|
|
|
|
|
|
|
"sway executable has both the s(g)uid bit AND file caps set.");
|
|
|
|
|
|
|
|
sway_log(L_ERROR,
|
|
|
|
|
|
|
|
"This is strongly discouraged (and completely broken).");
|
|
|
|
|
|
|
|
sway_log(L_ERROR,
|
|
|
|
|
|
|
|
"Please clear one of them (either the suid bit, or the file caps).");
|
|
|
|
|
|
|
|
sway_log(L_ERROR,
|
|
|
|
|
|
|
|
"If unsure, strip the file caps.");
|
|
|
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
free(exe);
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int main(int argc, char **argv) {
|
|
|
|
int main(int argc, char **argv) {
|
|
|
|
static int verbose = 0, debug = 0, validate = 0;
|
|
|
|
static int verbose = 0, debug = 0, validate = 0;
|
|
|
|
|
|
|
|
|
|
|
@ -288,6 +310,15 @@ int main(int argc, char **argv) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// we need to setup logging before wlc_init in case it fails.
|
|
|
|
|
|
|
|
if (debug) {
|
|
|
|
|
|
|
|
init_log(L_DEBUG);
|
|
|
|
|
|
|
|
} else if (verbose || validate) {
|
|
|
|
|
|
|
|
init_log(L_INFO);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
init_log(L_ERROR);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (optind < argc) { // Behave as IPC client
|
|
|
|
if (optind < argc) { // Behave as IPC client
|
|
|
|
if(optind != 1) {
|
|
|
|
if(optind != 1) {
|
|
|
|
sway_log(L_ERROR, "Don't use options with the IPC client");
|
|
|
|
sway_log(L_ERROR, "Don't use options with the IPC client");
|
|
|
@ -317,6 +348,7 @@ int main(int argc, char **argv) {
|
|
|
|
return 0;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
executable_sanity_check();
|
|
|
|
#ifdef __linux__
|
|
|
|
#ifdef __linux__
|
|
|
|
bool suid = false;
|
|
|
|
bool suid = false;
|
|
|
|
if (getuid() != geteuid() || getgid() != getegid()) {
|
|
|
|
if (getuid() != geteuid() || getgid() != getegid()) {
|
|
|
@ -329,14 +361,6 @@ int main(int argc, char **argv) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
// we need to setup logging before wlc_init in case it fails.
|
|
|
|
|
|
|
|
if (debug) {
|
|
|
|
|
|
|
|
init_log(L_DEBUG);
|
|
|
|
|
|
|
|
} else if (verbose || validate) {
|
|
|
|
|
|
|
|
init_log(L_INFO);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
init_log(L_ERROR);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
wlc_log_set_handler(wlc_log_handler);
|
|
|
|
wlc_log_set_handler(wlc_log_handler);
|
|
|
|
log_kernel();
|
|
|
|
log_kernel();
|
|
|
|
log_distro();
|
|
|
|
log_distro();
|
|
|
|