[PATCH] weston-launch: only drop privileges when uid/gid != euid/egid

Peter Hutterer peter.hutterer at who-t.net
Mon Aug 5 22:09:10 PDT 2013

initgroups requires CAP_SETGID and may fail. If we're not actually
changing anything anyway we can just skip this and (most likely) fail later
when we don't have the required permissions to open something.
Should arguably be part of the previous patch but since it changes behaviour
from before 636156d, here it is separately.

running weston-launch as user (w/o suid bit set) now passes this bit (and
fails later, but still :)

 src/weston-launch.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/weston-launch.c b/src/weston-launch.c
index 5b03094..06194a9 100644
--- a/src/weston-launch.c
+++ b/src/weston-launch.c
@@ -554,7 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
 	if (wl->new_user)
-	drop_privileges(wl);
+	if (getuid() != geteuid() || getgid() != getegid())
+		drop_privileges(wl);
 	if (wl->tty != STDIN_FILENO)
 		setenv_fd("WESTON_TTY_FD", wl->tty);

More information about the wayland-devel mailing list