[Wayland-bugs] [Bug 84817] Allow another local user to run programs on a WAYLAND_DISPLAY

bugzilla-daemon at freedesktop.org
Thu Oct 9 05:23:51 PDT 2014


https://bugs.freedesktop.org/show_bug.cgi?id=84817

--- Comment #3 from nerdopolis1 at verizon.net ---
Sorry about the incomplete comment. I edited the title while drafting one, and
hit save. 

As for WAYLAND_SOCKET, if the user needs child processes, that will probably be
a bit unusable.


It might also be possible for the setuid helper to set up a bind mount to the
socket if it's not possible to make the Wayland server listen on two sockets,
but that might be a bit too hackish, as the setuid helper will need to run
again when the Wayland server dies to clean up the mounts.

At the very least, if the target user knows the XDG_RUNTIME_DIR and
WAYLAND_DISPLAY, you can set permissions for the user on the
XDG_RUNTIME_DISPLAY, and WAYLAND_DISPLAY socket file, and then have the user
symlink to it in their XDG_RUNTIME_DIR. This requires the user to have execute
permissions on the XDG_RUNTIME_DIR. (Either chmod 711, or just grant x
permissions with setfacl to the target user). If they know the file names of
other files in XDG_RUNTIME_DIR, they will be able to have permissions to them,
(mostly 755).
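
The permission-and-symlink approach from the comment above, as an added shell
example that is not part of the bug report: it grants one user access with
setfacl, then lists what else in the runtime directory that user can now reach
by name. The function names are hypothetical; GNU find and the acl tools are
assumed.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.
# Assumes GNU find (-perm /MODE, -printf) and setfacl from the acl package.

# Owner side: give one named user traversal (x) on the runtime directory and
# read/write on the compositor socket only. This is the setfacl variant;
# chmod 711 would open traversal to every local user instead.
# usage: grant_wayland_access TARGET_USER
grant_wayland_access() {
    user=${1:?target user required}
    dir=${XDG_RUNTIME_DIR:?XDG_RUNTIME_DIR is not set}
    sock=$dir/${WAYLAND_DISPLAY:-wayland-0}
    [ -S "$sock" ] || { echo "no socket at $sock" >&2; return 1; }
    setfacl -m "u:$user:x" "$dir" && setfacl -m "u:$user:rw" "$sock"
}
# Target side, afterwards (paths are placeholders):
#   ln -s OWNER_RUNTIME_DIR/wayland-0 "$XDG_RUNTIME_DIR/wayland-0"

# Audit: print "MODE NAME" for every entry directly inside DIR whose "other"
# permission bits are non-zero. Once a user can traverse DIR, knowing or
# guessing one of these names is enough to get that access. Symlinks are
# skipped because their own mode bits are meaningless.
# usage: exposed_entries DIR
exposed_entries() {
    find "$1" -mindepth 1 -maxdepth 1 ! -type l -perm /007 \
        -printf '%m %f\n' | sort -k2
}

# Mitigation: strip all "other" bits from every entry except KEEP_NAME
# (the shared socket), so only the explicit ACL grants remain.
# KEEP_NAME is matched as a find -name pattern.
# usage: lock_down_except DIR KEEP_NAME
lock_down_except() {
    find "$1" -mindepth 1 -maxdepth 1 ! -type l ! -name "$2" -perm /007 \
        -exec chmod o-rwx {} +
}
```

Run exposed_entries "$XDG_RUNTIME_DIR" before granting access; anything it
prints besides the socket is a candidate for lock_down_except.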
