From 9dae68eba51a7b9289d9a64ae8880539ffeca2c0 Mon Sep 17 00:00:00 2001
From: emersion
Date: Mon, 29 Oct 2018 23:52:03 +0100
Subject: [PATCH 1/2] Make it clear that being able to restore root is a failure

---
 sway/main.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/sway/main.c b/sway/main.c
index cc5f7187..a810bb55 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -197,17 +197,18 @@ static void log_kernel(void) {
 static void drop_permissions(void) {
 if (getuid() != geteuid() || getgid() != getegid()) {
 if (setgid(getgid()) != 0) {
-wlr_log(WLR_ERROR, "Unable to drop root");
+wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");
 exit(EXIT_FAILURE);
 }
 if (setuid(getuid()) != 0) {
-wlr_log(WLR_ERROR, "Unable to drop root");
+wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");
 exit(EXIT_FAILURE);
 }
 }
 if (setuid(0) != -1) {
-wlr_log(WLR_ERROR, "Root privileges can be restored.");
-exit(EXIT_FAILURE);
+wlr_log(WLR_ERROR, "Unable to drop root (we shouldn't be able to "
+"restore it after setuid), refusing to start");
+return false;
 }
 }

From f90ff1210b2a40449171c5a1428faaa28ff1f9c3 Mon Sep 17 00:00:00 2001
From: emersion
Date: Thu, 1 Nov 2018 18:14:26 +0100
Subject: [PATCH 2/2] Teardown compositor when failing to drop permissions

---
 sway/main.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/sway/main.c b/sway/main.c
index a810bb55..920cea11 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -29,7 +29,7 @@ static bool terminate_request = false;
 static int exit_value = 0;
-struct sway_server server;
+struct sway_server server = {0};
 void sway_terminate(int exit_code) {
 terminate_request = true;
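Review bot: The new `return false;` in the `if (setuid(0) != -1)` branch is emitted while `drop_permissions` is still declared `static void`, so this commit on its own does not build cleanly (a return with a value in a void function is a C constraint violation), and on a compiler that only warns the branch falls through and sway keeps running with root restorable, which is the very condition the subject line calls a failure. Keep `exit(EXIT_FAILURE);` here, or move the `bool` signature change from the next commit into this one, so every commit in the series builds and keeps the hard fail. The commit record also lists 5 insertions, which matches the three-line replacement plus the two reworded log lines, so no further content appears to be missing from the hunk.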
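Review bot: `struct sway_server server = {0};` changes nothing at runtime, since a file-scope object has static storage duration and is zero-initialised without an initialiser; it is harmless, but the hunk gives no hint why it was added. If the intent is to make the new `server_fini(&server)` call in main() safe on a partially set up server, say so with a comment such as `// explicitly zeroed so server_fini() is safe on a partially initialised server` rather than leaving a reader to guess from the commit title.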
@@ -194,15 +194,15 @@ static void log_kernel(void) {
 }
-static void drop_permissions(void) {
+static bool drop_permissions(void) {
 if (getuid() != geteuid() || getgid() != getegid()) {
 if (setgid(getgid()) != 0) {
 wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");
-exit(EXIT_FAILURE);
+return false;
 }
 if (setuid(getuid()) != 0) {
 wlr_log(WLR_ERROR, "Unable to drop root, refusing to start");
-exit(EXIT_FAILURE);
+return false;
 }
 }
 if (setuid(0) != -1) {
@@ -210,6 +210,7 @@ static void drop_permissions(void) {
 "restore it after setuid), refusing to start");
 return false;
 }
+return true;
 }
 void enable_debug_flag(const char *flag) {
@@ -318,11 +319,13 @@ int main(int argc, char **argv) {
 }
 if (optind < argc) {
 // Behave as IPC client
-if(optind != 1) {
+if (optind != 1) {
 wlr_log(WLR_ERROR, "Don't use options with the IPC client");
 exit(EXIT_FAILURE);
 }
-drop_permissions();
+if (!drop_permissions()) {
+exit(EXIT_FAILURE);
+}
 char *socket_path = getenv("SWAYSOCK");
 if (!socket_path) {
 wlr_log(WLR_ERROR, "Unable to retrieve socket path");
@@ -342,7 +345,10 @@ int main(int argc, char **argv) {
 detect_proprietary(allow_unsupported_gpu);
 detect_raspi();
-drop_permissions();
+if (!drop_permissions()) {
+server_fini(&server);
+exit(EXIT_FAILURE);
+}
 // handle SIGTERM signals
 signal(SIGTERM, sig_handler);
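Review bot: The new `static bool drop_permissions(void)` signature has no comment stating its contract, and callers now have to know that a false return means "the failure is already logged, but the process may still hold root" — the second `return false` fires after `setgid` succeeded but `setuid` did not, and the `setuid(0)` check in the following hunk returns false with the effective uid just set back to 0. A header comment along the lines of `// Drops setuid/setgid privileges and verifies root cannot be regained. Returns false, with the error already logged, when the caller must abort; the process may still be privileged in that case.` would make the teardown-then-exit in main() understandable. The function body continues past this hunk into the `@@ -210,6` hunk, which adds the matching `return true;`.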
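Review bot: In the `@@ -342,7 +345,10` hunk, `server_fini(&server)` now runs on the failure path while the process may still be root (setgid or setuid having failed, or setuid(0) having just succeeded), whereas before only `exit()` ran in that state; the teardown is still appropriate, but the ordering assumption deserves a comment so nobody later moves more work onto this path, e.g. `// drop_permissions() failed: we may still be privileged, so tear down and leave immediately`. The earlier IPC-client branch in the `@@ -318,11 +319,13` hunk exits without `server_fini`, which looks consistent with the server not having been initialised on that path, though that initialisation call is outside the hunk and should be confirmed.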