[[PATCH v3 2/2]] compositor: check if seteuid worked

Damian, Alexandru alexandru.damian at intel.com
Fri Sep 27 04:10:56 PDT 2013 

Just had my coffe - I mean through suid - i chmod-ed +s the weston
executable.

I can't repro, I don't know what I did at that time.


On Fri, Sep 27, 2013 at 9:03 AM, Damian, Alexandru <
alexandru.damian at intel.com> wrote:

> Launching weston directly through sudo. The seteuid failed for some reason
> - I didn't track it down - so I added the check.
>
> Alex
>
>
> On Thu, Sep 26, 2013 at 10:42 PM, Kristian Høgsberg <hoegsberg at gmail.com>wrote:
>
>> On Wed, Sep 25, 2013 at 02:47:47PM +0100, Alex DAMIAN wrote:
>> > From: Alexandru DAMIAN <alexandru.damian at intel.com>
>> >
>> > Checking the return value from seteuid in
>> > order to not launch clients with the wrong effective uid.
>> >
>> > Signed-off-by: Alexandru DAMIAN <alexandru.damian at intel.com>
>> > ---
>> >  src/compositor.c | 7 +++++--
>> >  1 file changed, 5 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/src/compositor.c b/src/compositor.c
>> > index bc4837f..1a85693 100644
>> > --- a/src/compositor.c
>> > +++ b/src/compositor.c
>> > @@ -247,8 +247,11 @@ child_client_exec(int sockfd, const char *path)
>> >       sigfillset(&allsigs);
>> >       sigprocmask(SIG_UNBLOCK, &allsigs, NULL);
>> >
>> > -     /* Launch clients as the user. */
>> > -     seteuid(getuid());
>> > +     /* Launch clients as the user. Do not lauch clients with wrong
>> euid.*/
>> > +     if (seteuid(getuid()) == -1) {
>> > +             weston_log("compositor: failed seteuid\n");
>> > +             return;
>> > +     }
>>
>> Patch applied.  How did you hit this?
>>
>> Kristian
>>
>> >       /* SOCK_CLOEXEC closes both ends, so we dup the fd to get a
>> >        * non-CLOEXEC fd to pass through exec. */
>> > --
>> > 1.8.1.2
>> >
>> > _______________________________________________
>> > wayland-devel mailing list
>> > wayland-devel at lists.freedesktop.org
>> > http://lists.freedesktop.org/mailman/listinfo/wayland-devel
>>
>
>
>
> --
> Alex Damian
> Yocto Project
> SSG / OTC
>



-- 
Alex Damian
Yocto Project
SSG / OTC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20130927/dc058a6d/attachment.html>

More information about the wayland-devel mailing list