[PATCH] weston-launch: only drop privileges when uid/gid != euid/egid
Kristian Høgsberg
hoegsberg at gmail.com
Thu Aug 8 14:17:45 PDT 2013
On Tue, Aug 06, 2013 at 03:09:10PM +1000, Peter Hutterer wrote:
> initgroups requires CAP_SETGID and may fail. If we're not actually
> changing anything anyway we can just skip this and (most likely) fail later
> when we don't have the required permissions to open something.
> ---
> Should arguably be part of the previous patch but since it changes behaviour
> from before 636156d, here it is separately.
>
> running weston-launch as user (w/o suid bit set) now passes this bit (and
> fails later, but still :)
weston-launch has to run as setuid root so drop_privileges() shouldn't
fail, unless you're running as non-setuid as a regular user. Is this
just about getting a clearer error message and should we just go with
Armins patch instead then?
Kristian
> src/weston-launch.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/weston-launch.c b/src/weston-launch.c
> index 5b03094..06194a9 100644
> --- a/src/weston-launch.c
> +++ b/src/weston-launch.c
> @@ -554,7 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
> if (wl->new_user)
> setup_session(wl);
>
> - drop_privileges(wl);
> + if (getuid() != geteuid() || getgid() != getegid())
> + drop_privileges(wl);
>
> if (wl->tty != STDIN_FILENO)
> setenv_fd("WESTON_TTY_FD", wl->tty);
> --
> 1.8.2.1
>
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel
More information about the wayland-devel
mailing list