[PATCH] weston-launch: only drop privileges when uid/gid != euid/egid
Peter Hutterer
peter.hutterer at who-t.net
Thu Aug 8 16:45:24 PDT 2013
On Thu, Aug 08, 2013 at 02:17:45PM -0700, Kristian Høgsberg wrote:
> On Tue, Aug 06, 2013 at 03:09:10PM +1000, Peter Hutterer wrote:
> > initgroups requires CAP_SETGID and may fail. If we're not actually
> > changing anything anyway we can just skip this and (most likely) fail later
> > when we don't have the required permissions to open something.
> > ---
> > Should arguably be part of the previous patch but since it changes behaviour
> > from before 636156d, here it is separately.
> >
> > running weston-launch as user (w/o suid bit set) now passes this bit (and
> > fails later, but still :)
>
> weston-launch has to run as setuid root so drop_privileges() shouldn't
> fail, unless you're running as non-setuid as a regular user. Is this
> just about getting a clearer error message and should we just go with
> Armins patch instead then?
yes, that's the better plan.
Cheers,
Peter
> > src/weston-launch.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/weston-launch.c b/src/weston-launch.c
> > index 5b03094..06194a9 100644
> > --- a/src/weston-launch.c
> > +++ b/src/weston-launch.c
> > @@ -554,7 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
> > if (wl->new_user)
> > setup_session(wl);
> >
> > - drop_privileges(wl);
> > + if (getuid() != geteuid() || getgid() != getegid())
> > + drop_privileges(wl);
> >
> > if (wl->tty != STDIN_FILENO)
> > setenv_fd("WESTON_TTY_FD", wl->tty);
> > --
> > 1.8.2.1
> >
> > _______________________________________________
> > wayland-devel mailing list
> > wayland-devel at lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/wayland-devel
More information about the wayland-devel
mailing list