[PATCH] weston-launch: always drop privileges before execve
Kristian Høgsberg
hoegsberg at gmail.com
Thu Aug 8 14:11:02 PDT 2013
On Tue, Aug 06, 2013 at 12:10:09PM +1000, Peter Hutterer wrote:
> The current code works if pw->pw_shell is bash because:
> "If the shell is started with the effective user (group) id not equal to
> the real user (group) id, and the -p option is not supplied, these actions
> are taken and the effective user id is set to the real user id."
>
> Thus, for bash, weston's EUID == UID.
>
> For zsh, the -p option "is enabled automatically on startup if the effective
> user (group) ID is not equal to the real user (group) ID."
> Thus, weston's EUID = 0, and if pw_shell is zsh, /run/user/$UID/wayland-0 is
> created with euid root and not writeable by the user, causing all clients to
> fail.
>
> Fix this by always dropping privileges to the user.
>
> Regression introduced in 636156d.
Argh, that's terrible, thanks for finding that. Committed.
Kristian
> ---
> src/weston-launch.c | 20 +++++++++++++-------
> 1 file changed, 13 insertions(+), 7 deletions(-)
>
> diff --git a/src/weston-launch.c b/src/weston-launch.c
> index a111812..5b03094 100644
> --- a/src/weston-launch.c
> +++ b/src/weston-launch.c
> @@ -513,13 +513,6 @@ setup_session(struct weston_launch *wl)
> error(1, errno, "TIOCSCTTY failed - tty is in use");
> }
>
> - if (setgid(wl->pw->pw_gid) < 0 ||
> -#ifdef HAVE_INITGROUPS
> - initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
> -#endif
> - setuid(wl->pw->pw_uid) < 0)
> - error(1, errno, "dropping privileges failed");
> -
> term = getenv("TERM");
> clearenv();
> setenv("TERM", term, 1);
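Review bot: with the setgid/initgroups/setuid block removed here, the rest of setup_session(), starting at term = getenv("TERM"), now runs before the privilege drop instead of after it. Confirm that nothing further down in this function relies on already running as the target user (anything it creates would now be owned by the launcher's effective IDs), and add a short comment stating that the drop happens later in launch_compositor(). Separately, the context line setenv("TERM", term, 1) passes term without a NULL check, although getenv() can return NULL.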
> @@ -539,6 +532,17 @@ setup_session(struct weston_launch *wl)
> }
>
> static void
> +drop_privileges(struct weston_launch *wl)
> +{
> + if (setgid(wl->pw->pw_gid) < 0 ||
> +#ifdef HAVE_INITGROUPS
> + initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
> +#endif
> + setuid(wl->pw->pw_uid) < 0)
> + error(1, errno, "dropping privileges failed");
> +}
> +
> +static void
> launch_compositor(struct weston_launch *wl, int argc, char *argv[])
> {
> char *child_argv[MAX_ARGV_SIZE];
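Review bot: in drop_privileges(), when HAVE_INITGROUPS is not defined the supplementary group list is never reset, so the compositor keeps whatever supplementary groups weston-launch was started with. Consider a setgroups() fallback in the #else branch, or fail the build when initgroups() is unavailable. The function also trusts the return codes alone; a check after setuid() that geteuid() equals wl->pw->pw_uid would catch a partial drop. A one-line comment saying this must run on every path before execve would document the invariant the subject line describes.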
> @@ -550,6 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
> if (wl->new_user)
> setup_session(wl);
>
> + drop_privileges(wl);
> +
> if (wl->tty != STDIN_FILENO)
> setenv_fd("WESTON_TTY_FD", wl->tty);
>
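Review bot: the call to drop_privileges(wl) sits outside the if (wl->new_user) block, so wl->pw is now dereferenced on the path where setup_session() is skipped. Confirm wl->pw is populated on that path as well, since drop_privileges() reads wl->pw->pw_gid, pw_name and pw_uid unconditionally. A comment at the call site explaining that the shell cannot be relied on to reset the effective IDs (the zsh -p case from the commit message) would keep a later refactor from making this conditional again.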
> --
> 1.8.2.1
>
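The commit message above shows why leaving the reset of the effective UID to the user's shell is fragile. As an added example (not part of the patch or of weston), here is a privilege drop that checks its own result before anything is exec'd; `drop_privileges_checked`, `ids_match_real_user` and the `name` parameter are names made up for this example, and Linux/glibc is assumed.

```c
/* Added example, not weston code. Assumes Linux/glibc. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for initgroups()/setgroups() */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to uid/gid and verify it took effect. Returns 0 on success, -1 if any
 * step fails or the old effective UID can still be restored afterwards (the
 * caller should then abort). `name` may be NULL to fall back to setgroups();
 * it is a hypothetical parameter for this example. */
int drop_privileges_checked(uid_t uid, gid_t gid, const char *name)
{
	uid_t old_euid = geteuid();

	/* Supplementary groups can only be reset while still root. */
	if (old_euid == 0 && uid != 0) {
		if (name ? initgroups(name, gid) < 0 : setgroups(1, &gid) < 0)
			return -1;
	}
	/* Group before user: once the UID is gone, setgid() is refused. */
	if (setgid(gid) < 0 || setuid(uid) < 0)
		return -1;

	/* Check the result instead of trusting the return codes alone. */
	if (getuid() != uid || geteuid() != uid ||
	    getgid() != gid || getegid() != gid)
		return -1;

	/* A leftover saved set-user-ID would let this succeed. */
	if (old_euid != uid && seteuid(old_euid) == 0)
		return -1;
	return 0;
}

/* 1 when effective IDs equal real IDs, the state bash restores on startup
 * and zsh (with -p enabled automatically) does not. */
int ids_match_real_user(void)
{
	return geteuid() == getuid() && getegid() == getgid();
}

int main(void)
{
	if (drop_privileges_checked(getuid(), getgid(), NULL) < 0) {
		perror("dropping privileges failed");
		return 1;
	}
	printf("euid == uid: %d\n", ids_match_real_user());
	return 0;
}
```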