[PATCH weston] weston-launch: Let the user use her real shell
Jason Ekstrand
jason at jlekstrand.net
Thu Mar 6 07:01:55 PST 2014
Where is the shell coming from? If it's the shell specified in /etc/paswd
and if we can guarantee that it doesn't read ~/.profile or similar than
it's ok. However, If this is the case, then how is it useful to run with
the user's shell?
If it is the shell from $SHELL or if it reads ~/.profile and friends, then
we have just leaked drm/evdev fd's to the entire system and that's bad. If
the caller can specify a shell or specify the environment in which the
shell runs, then a malicious program can modify this stuff too, run
weston-launch, and get access to protected stuff. Please double-check this.
--Jason Ekstrand
On Mar 6, 2014 8:03 AM, "Quentin Glidic" <sardemff7+wayland at sardemff7.net>
wrote:
> From: Quentin Glidic <sardemff7+git at sardemff7.net>
>
> Signed-off-by: Quentin Glidic <sardemff7+git at sardemff7.net>
> ---
>
> This patch restores the old behaviour if the user wants to. This keeps
> /bin/sh around for shells that do not understand -c "weston \"$@\"".
>
> src/weston-launch.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/src/weston-launch.c b/src/weston-launch.c
> index 56e22b1..fd04552 100644
> --- a/src/weston-launch.c
> +++ b/src/weston-launch.c
> @@ -103,6 +103,7 @@ struct weston_launch {
>
> pid_t child;
> int verbose;
> + int user_shell;
> char *new_user;
> };
>
> @@ -644,7 +645,7 @@ launch_compositor(struct weston_launch *wl, int argc,
> char *argv[])
> sigaddset(&mask, SIGINT);
> sigprocmask(SIG_UNBLOCK, &mask, NULL);
>
> - child_argv[0] = "/bin/sh";
> + child_argv[0] = wl->user_shell ? wl->pw->pw_shell : "/bin/sh";
> child_argv[1] = "-l";
> child_argv[2] = "-c";
> child_argv[3] = BINDIR "/weston \"$@\"";
> @@ -663,6 +664,7 @@ help(const char *name)
> fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n",
> name);
> fprintf(stderr, " -u, --user Start session as specified
> username\n");
> fprintf(stderr, " -t, --tty Start session on alternative
> tty\n");
> + fprintf(stderr, " -s, --shell Use the user shell instead of
> /bin/sh to run weston\n");
> fprintf(stderr, " -v, --verbose Be verbose\n");
> fprintf(stderr, " -h, --help Display this help message\n");
> }
> @@ -676,6 +678,7 @@ main(int argc, char *argv[])
> struct option opts[] = {
> { "user", required_argument, NULL, 'u' },
> { "tty", required_argument, NULL, 't' },
> + { "shell", no_argument, NULL, 's' },
> { "verbose", no_argument, NULL, 'v' },
> { "help", no_argument, NULL, 'h' },
> { 0, 0, NULL, 0 }
> @@ -683,7 +686,7 @@ main(int argc, char *argv[])
>
> memset(&wl, 0, sizeof wl);
>
> - while ((c = getopt_long(argc, argv, "u:t::vh", opts, &i)) != -1) {
> + while ((c = getopt_long(argc, argv, "u:t::svh", opts, &i)) != -1) {
> switch (c) {
> case 'u':
> wl.new_user = optarg;
> @@ -693,6 +696,9 @@ main(int argc, char *argv[])
> case 't':
> tty = optarg;
> break;
> + case 's':
> + wl.user_shell = 1;
> + break;
> case 'v':
> wl.verbose = 1;
> break;
> --
> 1.9.0
>
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20140306/ef66c328/attachment-0001.html>
More information about the wayland-devel
mailing list