<div dir="ltr">Just had my coffe - I mean through suid - i chmod-ed +s the weston executable.<div><br></div><div>I can't repro, I don't know what I did at that time.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Fri, Sep 27, 2013 at 9:03 AM, Damian, Alexandru <span dir="ltr"><<a href="mailto:alexandru.damian@intel.com" target="_blank">alexandru.damian@intel.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Launching weston directly through sudo. The seteuid failed for some reason - I didn't track it down - so I added the check.<span class="HOEnZb"><font color="#888888"><div><br></div><div>Alex</div></font></span></div>
<div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">
On Thu, Sep 26, 2013 at 10:42 PM, Kristian Høgsberg <span dir="ltr"><<a href="mailto:hoegsberg@gmail.com" target="_blank">hoegsberg@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On Wed, Sep 25, 2013 at 02:47:47PM +0100, Alex DAMIAN wrote:<br>
> From: Alexandru DAMIAN <<a href="mailto:alexandru.damian@intel.com" target="_blank">alexandru.damian@intel.com</a>><br>
><br>
> Checking the return value from seteuid in<br>
> order to not launch clients with the wrong effective uid.<br>
><br>
> Signed-off-by: Alexandru DAMIAN <<a href="mailto:alexandru.damian@intel.com" target="_blank">alexandru.damian@intel.com</a>><br>
> ---<br>
> src/compositor.c | 7 +++++--<br>
> 1 file changed, 5 insertions(+), 2 deletions(-)<br>
><br>
> diff --git a/src/compositor.c b/src/compositor.c<br>
> index bc4837f..1a85693 100644<br>
> --- a/src/compositor.c<br>
> +++ b/src/compositor.c<br>
> @@ -247,8 +247,11 @@ child_client_exec(int sockfd, const char *path)<br>
> sigfillset(&allsigs);<br>
> sigprocmask(SIG_UNBLOCK, &allsigs, NULL);<br>
><br>
> - /* Launch clients as the user. */<br>
> - seteuid(getuid());<br>
> + /* Launch clients as the user. Do not lauch clients with wrong euid.*/<br>
> + if (seteuid(getuid()) == -1) {<br>
> + weston_log("compositor: failed seteuid\n");<br>
> + return;<br>
> + }<br>
<br>
</div>Patch applied. How did you hit this?<br>
<br>
Kristian<br>
<div><br>
> /* SOCK_CLOEXEC closes both ends, so we dup the fd to get a<br>
> * non-CLOEXEC fd to pass through exec. */<br>
> --<br>
> 1.8.1.2<br>
><br>
</div>> _______________________________________________<br>
> wayland-devel mailing list<br>
> <a href="mailto:wayland-devel@lists.freedesktop.org" target="_blank">wayland-devel@lists.freedesktop.org</a><br>
> <a href="http://lists.freedesktop.org/mailman/listinfo/wayland-devel" target="_blank">http://lists.freedesktop.org/mailman/listinfo/wayland-devel</a><br>
</blockquote></div><br><br clear="all"><div><br></div></div></div><div class="im">-- <br><div dir="ltr">Alex Damian<div>Yocto Project<br></div><div>SSG / OTC </div></div>
</div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Alex Damian<div>Yocto Project<br></div><div>SSG / OTC </div></div>
</div>