[PATCH weston] launcher: don't exit when user is not root

Ucan, Emre (ADITG/ESB) eucan at de.adit-jv.com
Mon Oct 30 15:29:58 UTC 2017


Hi Pekka,

We are of course running graphical applications as a different user than the weston user.
Therefore, the security flaws, which you mentioned, are not applicable.

Correct me if I am wrong, but weston-launch and logind are using setuid(), which itself is a major security problem.
Furthermore, IMO logind is not needed in an embedded system. The fancy tty and input handling for a multi-user environment is not needed in an embedded system.

I do not understand why you are against this patch. The patch is only removing an unnecessary restriction of running weston directly.
This patch is not setting any privileged rights to any non-root user :). Users of weston would still get errors if they do not set the rights accordingly.

IMO, it is much more explanatory to get an error like "Cannot open drm device" than "weston cannot run as non-root user".

Best regards

Emre Ucan
Engineering Software Base (ADITG/ESB)

Tel. +49 5121 49 6937

> -----Original Message-----
> From: Pekka Paalanen [mailto:ppaalanen at gmail.com]
> Sent: Montag, 30. Oktober 2017 16:02
> To: Ucan, Emre (ADITG/ESB)
> Cc: wayland-devel at lists.freedesktop.org
> Subject: Re: [PATCH weston] launcher: don't exit when user is not root
> 
> On Mon, 30 Oct 2017 15:20:42 +0100
> Emre Ucan <eucan at de.adit-jv.com> wrote:
> 
> > weston does not need to be root.
> > It requires adjusting ownership on the given tty device.
> >
> > If weston does not have proper rights, it will get
> > an error at startup anyway.
> >
> > Signed-off-by: Emre Ucan <eucan at de.adit-jv.com>
> > ---
> >  libweston/launcher-direct.c | 3 ---
> >  1 file changed, 3 deletions(-)
> >
> > diff --git a/libweston/launcher-direct.c b/libweston/launcher-direct.c
> > index a5d3ee5..b05d214 100644
> > --- a/libweston/launcher-direct.c
> > +++ b/libweston/launcher-direct.c
> > @@ -276,9 +276,6 @@ launcher_direct_connect(struct weston_launcher
> **out, struct weston_compositor *
> >  {
> >  	struct launcher_direct *launcher;
> >
> > -	if (geteuid() != 0)
> > -		return -EINVAL;
> > -
> >  	launcher = zalloc(sizeof(*launcher));
> >  	if (launcher == NULL)
> >  		return -ENOMEM;
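
Review bot: At the removed geteuid() != 0 check at the top of launcher_direct_connect(), the early -EINVAL return goes away with nothing in its place, so a non-root start is no longer refused at one well-defined point and instead depends on failures in code this hunk does not show. If the check is dropped, consider keeping a log message for the non-root case at this spot, and have the commit message list every device node whose permissions must be adjusted: it currently names only the tty, while the reply in this thread also names DRM and input devices.
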
> 
> NAK, for the reasons explained in
> https://lists.freedesktop.org/archives/wayland-devel/2017-October/035582.html
> 
> To summarize, it's not only tty permissions but DRM and input devices
> as well. If you set all these so that weston can actually run without
> root using the direct launcher, then quite likely you have opened some
> security holes.
> 
> The direct launcher is specifically meant for running weston as root.
> Running as root is only for debugging and development, never for
> production.
> 
> 
> Thanks,
> pq

