[PATCH] weston-launch: always drop privileges before execve
Peter Hutterer
peter.hutterer at who-t.net
Mon Aug 5 19:10:09 PDT 2013
The current code works if pw->pw_shell is bash because:
"If the shell is started with the effective user (group) id not equal to
the real user (group) id, and the -p option is not supplied, these actions
are taken and the effective user id is set to the real user id."
Thus, for bash, weston's EUID == UID.
For zsh, the -p option "is enabled automatically on startup if the effective
user (group) ID is not equal to the real user (group) ID."
Thus, weston's EUID = 0, and if pw_shell is zsh, /run/user/$UID/wayland-0 is
created with euid root and not writeable by the user, causing all clients to
fail.
Fix this by always dropping privileges to the user.
Regression introduced in 636156d.
---
src/weston-launch.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/weston-launch.c b/src/weston-launch.c
index a111812..5b03094 100644
--- a/src/weston-launch.c
+++ b/src/weston-launch.c
@@ -513,13 +513,6 @@ setup_session(struct weston_launch *wl)
error(1, errno, "TIOCSCTTY failed - tty is in use");
}
- if (setgid(wl->pw->pw_gid) < 0 ||
-#ifdef HAVE_INITGROUPS
- initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
-#endif
- setuid(wl->pw->pw_uid) < 0)
- error(1, errno, "dropping privileges failed");
-
term = getenv("TERM");
clearenv();
setenv("TERM", term, 1);
@@ -539,6 +532,17 @@ setup_session(struct weston_launch *wl)
}
static void
+drop_privileges(struct weston_launch *wl)
+{
+ if (setgid(wl->pw->pw_gid) < 0 ||
+#ifdef HAVE_INITGROUPS
+ initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
+#endif
+ setuid(wl->pw->pw_uid) < 0)
+ error(1, errno, "dropping privileges failed");
+}
+
+static void
launch_compositor(struct weston_launch *wl, int argc, char *argv[])
{
char *child_argv[MAX_ARGV_SIZE];
@@ -550,6 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
if (wl->new_user)
setup_session(wl);
+ drop_privileges(wl);
+
if (wl->tty != STDIN_FILENO)
setenv_fd("WESTON_TTY_FD", wl->tty);
--
1.8.2.1
More information about the wayland-devel
mailing list