[PATCH weston] launcher: don't exit when user is not root

Michal Suchanek hramrach at gmail.com
Mon Oct 30 17:56:02 UTC 2017


On 30 October 2017 at 16:02, Pekka Paalanen <ppaalanen at gmail.com> wrote:
> On Mon, 30 Oct 2017 15:20:42 +0100
> Emre Ucan <eucan at de.adit-jv.com> wrote:
>
>> weston does not need to be root.
>> It requires adjusting ownership on the given tty device.
>>
>> If weston does not have proper rights, it will get
>> an error at startup anyway.
>>
>> Signed-off-by: Emre Ucan <eucan at de.adit-jv.com>
>> ---
>>  libweston/launcher-direct.c | 3 ---
>>  1 file changed, 3 deletions(-)
>>
>> diff --git a/libweston/launcher-direct.c b/libweston/launcher-direct.c
>> index a5d3ee5..b05d214 100644
>> --- a/libweston/launcher-direct.c
>> +++ b/libweston/launcher-direct.c
>> @@ -276,9 +276,6 @@ launcher_direct_connect(struct weston_launcher **out, struct weston_compositor *
>>  {
>>       struct launcher_direct *launcher;
>>
>> -     if (geteuid() != 0)
>> -             return -EINVAL;
>> -
>>       launcher = zalloc(sizeof(*launcher));
>>       if (launcher == NULL)
>>               return -ENOMEM;
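Review bot: Removing the `if (geteuid() != 0) return -EINVAL;` guard at the top of launcher_direct_connect() leaves no replacement check in this hunk, so the only early rejection of an unprivileged caller is gone and any failure is deferred to whatever runs after the zalloc(). The commit message says weston "will get an error at startup anyway" but does not say which call reports it or what the user sees. Please name the resources that must be accessible (the message mentions only the tty device) and confirm that the later failure path frees `launcher` and returns an error as clear as the -EINVAL being removed. If the intent is to support a non-root user with permissions set up in advance, a comment at this spot stating that precondition would document it.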
>
> NAK, for the reasons explained in
> https://lists.freedesktop.org/archives/wayland-devel/2017-October/035582.html
>
> To summarize, it's not only tty permissions but DRM and input devices
> as well.

DRM and input are supposed to be accessible by the console user on desktop systems.

Ever heard of rootless X?

Any user on the console should be able to randomly decide to run a GUI
server without any special privileges.

This can be set up by logind or it can be hardcoded by the
administrator to a particular user. Whatever the case, just running the
GUI server should work without issues when permissions are set up
correctly.

> If you set all these so that weston can actually run without
> root using the direct launcher, then quite likely you have opened some
> security holes.
>
> The direct launcher is specifically meant for running weston as root.
> Running as root is only for debugging and development, never for
> production.

If you can run it as root you can run it as any user with sufficient
permissions.

The security implications of different setups should be the concern of
the system administrator and not launcher-direct.

Thanks

Michal

