<p dir="ltr">Where is the shell coming from? If it's the shell specified in /etc/passwd and if we can guarantee that it doesn't read ~/.profile or similar, then it's OK. However, if this is the case, then how is it useful to run with the user's shell?</p>
<p dir="ltr">If it is the shell from $SHELL or if it reads ~/.profile and friends, then we have just leaked drm/evdev fds to the entire system and that's bad. If the caller can specify a shell or specify the environment in which the shell runs, then a malicious program can modify this stuff too, run weston-launch, and get access to protected stuff. Please double-check this.<br>
--Jason Ekstrand</p>
<div class="gmail_quote">On Mar 6, 2014 8:03 AM, "Quentin Glidic" &lt;<a href="mailto:sardemff7%2Bwayland@sardemff7.net">sardemff7+wayland@sardemff7.net</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
From: Quentin Glidic &lt;<a href="mailto:sardemff7%2Bgit@sardemff7.net">sardemff7+git@sardemff7.net</a>&gt;<br>
<br>
Signed-off-by: Quentin Glidic &lt;<a href="mailto:sardemff7%2Bgit@sardemff7.net">sardemff7+git@sardemff7.net</a>&gt;<br>
---<br>
<br>
This patch restores the old behaviour if the user wants to. This keeps<br>
/bin/sh around for shells that do not understand -c "weston \"$@\"".<br>
<br>
src/weston-launch.c | 10 ++++++++--<br>
1 file changed, 8 insertions(+), 2 deletions(-)<br>
<br>
diff --git a/src/weston-launch.c b/src/weston-launch.c<br>
index 56e22b1..fd04552 100644<br>
--- a/src/weston-launch.c<br>
+++ b/src/weston-launch.c<br>
@@ -103,6 +103,7 @@ struct weston_launch {<br>
<br>
pid_t child;<br>
int verbose;<br>
+ int user_shell;<br>
char *new_user;<br>
};<br>
<br>
@@ -644,7 +645,7 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])<br>
sigaddset(&mask, SIGINT);<br>
sigprocmask(SIG_UNBLOCK, &mask, NULL);<br>
<br>
- child_argv[0] = "/bin/sh";<br>
+ child_argv[0] = wl->user_shell ? wl->pw->pw_shell : "/bin/sh";<br>
child_argv[1] = "-l";<br>
child_argv[2] = "-c";<br>
child_argv[3] = BINDIR "/weston \"$@\"";<br>
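</blockquote>
<p dir="ltr">Review bot: wl-&gt;pw-&gt;pw_shell is assigned to child_argv[0] without any check, so a NULL or empty shell field leaves the child with nothing usable to exec when -s is given; fall back to "/bin/sh" in that case. The following context line still passes -l, so whichever shell is chosen will read the user's login startup files before it reaches weston; the commit message should state which descriptors are still open in the child at that point, since that is what decides whether the option is safe to offer.</p>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">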
@@ -663,6 +664,7 @@ help(const char *name)<br>
fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n", name);<br>
fprintf(stderr, " -u, --user Start session as specified username\n");<br>
fprintf(stderr, " -t, --tty Start session on alternative tty\n");<br>
+ fprintf(stderr, " -s, --shell Use the user shell instead of /bin/sh to run weston\n");<br>
fprintf(stderr, " -v, --verbose Be verbose\n");<br>
fprintf(stderr, " -h, --help Display this help message\n");<br>
}<br>
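</blockquote>
<p dir="ltr">Review bot: The new -s help line says "the user shell" without saying where that shell comes from; the launch_compositor hunk takes it from pw_shell, the passwd entry, and not from $SHELL, and the usage text should say so explicitly. The diffstat lists only src/weston-launch.c, so the option is documented nowhere except this usage message; any existing manual page or README for weston-launch should get the same line.</p>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">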
@@ -676,6 +678,7 @@ main(int argc, char *argv[])<br>
struct option opts[] = {<br>
{ "user", required_argument, NULL, 'u' },<br>
{ "tty", required_argument, NULL, 't' },<br>
+ { "shell", no_argument, NULL, 's' },<br>
{ "verbose", no_argument, NULL, 'v' },<br>
{ "help", no_argument, NULL, 'h' },<br>
{ 0, 0, NULL, 0 }<br>
@@ -683,7 +686,7 @@ main(int argc, char *argv[])<br>
<br>
memset(&wl, 0, sizeof wl);<br>
<br>
- while ((c = getopt_long(argc, argv, "u:t::vh", opts, &i)) != -1) {<br>
+ while ((c = getopt_long(argc, argv, "u:t::svh", opts, &i)) != -1) {<br>
switch (c) {<br>
case 'u':<br>
wl.new_user = optarg;<br>
@@ -693,6 +696,9 @@ main(int argc, char *argv[])<br>
case 't':<br>
tty = optarg;<br>
break;<br>
+ case 's':<br>
+ wl.user_shell = 1;<br>
+ break;<br>
case 'v':<br>
wl.verbose = 1;<br>
break;<br>
--<br>
1.9.0<br>
<br>
</blockquote></div>
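<p dir="ltr">The concern raised in the reply is about descriptors that stay open across the exec into a shell the user controls. As an added illustration (not code from weston-launch or from either author), the following C program lists which descriptors would survive an exec and marks them close-on-exec; the helper names, the <code>keep</code> parameter and the /dev/null stand-in for a privileged device descriptor are assumptions made for the example.</p>

```c
/* Added example: audit and seal descriptors before exec'ing a user-controlled
 * shell. Helper names are hypothetical; /dev/null stands in for a device fd. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if fd is open and would survive execve(), 0 if closed or close-on-exec. */
int survives_exec(int fd)
{
	int flags = fcntl(fd, F_GETFD);
	return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Set FD_CLOEXEC on every inheritable fd in [lo, hi) except `keep`
 * (pass -1 to keep none). Returns the number sealed, or -1 on error. */
int seal_fds(int lo, int hi, int keep)
{
	int sealed = 0;
	for (int fd = lo; fd < hi; fd++) {
		if (fd == keep || !survives_exec(fd))
			continue;
		int flags = fcntl(fd, F_GETFD);
		if (flags == -1 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
			return -1;
		sealed++;
	}
	return sealed;
}

int main(void)
{
	int dev = open("/dev/null", O_RDWR);	/* constructed stand-in, inheritable */
	if (dev < 0) { perror("open"); return 1; }
	long lim = sysconf(_SC_OPEN_MAX);
	int max = (lim < 0 || lim > 65536) ? 65536 : (int)lim;	/* bounded scan */

	for (int fd = 3; fd < max; fd++)
		if (survives_exec(fd))
			printf("fd %d would be visible to the shell\n", fd);

	/* Leave stdio (0-2) alone; seal everything else before the exec. */
	if (seal_fds(3, max, -1) < 0) { perror("fcntl"); return 1; }
	printf("fd %d survives exec after sealing: %d\n", dev, survives_exec(dev));
	return 0;
}
```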