[PATCH] weston-launch: only drop privileges when uid/gid != euid/egid
Peter Hutterer
peter.hutterer at who-t.net
Mon Aug 5 22:09:10 PDT 2013
initgroups requires CAP_SETGID and may fail. If we're not actually
changing anything anyway we can just skip this and (most likely) fail later
when we don't have the required permissions to open something.
---
Should arguably be part of the previous patch but since it changes behaviour
from before 636156d, here it is separately.
running weston-launch as user (w/o suid bit set) now passes this bit (and
fails later, but still :)
src/weston-launch.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/weston-launch.c b/src/weston-launch.c
index 5b03094..06194a9 100644
--- a/src/weston-launch.c
+++ b/src/weston-launch.c
@@ -554,7 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
if (wl->new_user)
setup_session(wl);
- drop_privileges(wl);
+ if (getuid() != geteuid() || getgid() != getegid())
+ drop_privileges(wl);
if (wl->tty != STDIN_FILENO)
setenv_fd("WESTON_TTY_FD", wl->tty);
--
1.8.2.1
More information about the wayland-devel
mailing list