[PATCH weston] launcher: don't exit when user is not root

Pekka Paalanen ppaalanen at gmail.com
Tue Oct 31 07:29:31 UTC 2017


On Mon, 30 Oct 2017 12:21:50 -0500
Matt Hoosier <matt.hoosier at gmail.com> wrote:

> On Mon, Oct 30, 2017 at 10:02 AM, Pekka Paalanen <ppaalanen at gmail.com>
> wrote:
> 
> > On Mon, 30 Oct 2017 15:20:42 +0100
> > Emre Ucan <eucan at de.adit-jv.com> wrote:
> >  
> > > weston does not need to be root.
> > > It requires adjusting ownership on the given tty device.
> > >
> > > If weston does not have proper rights, it will get
> > > an error at startup anyway.
> > >
> > > Signed-off-by: Emre Ucan <eucan at de.adit-jv.com>
> > > ---
> > >  libweston/launcher-direct.c | 3 ---
> > >  1 file changed, 3 deletions(-)
> > >
> > > diff --git a/libweston/launcher-direct.c b/libweston/launcher-direct.c
> > > index a5d3ee5..b05d214 100644
> > > --- a/libweston/launcher-direct.c
> > > +++ b/libweston/launcher-direct.c
> > > @@ -276,9 +276,6 @@ launcher_direct_connect(struct weston_launcher  
> > **out, struct weston_compositor *  
> > >  {
> > >       struct launcher_direct *launcher;
> > >
> > > -     if (geteuid() != 0)
> > > -             return -EINVAL;
> > > -
> > >       launcher = zalloc(sizeof(*launcher));
> > >       if (launcher == NULL)
> > >               return -ENOMEM;  
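Review bot: Deleting the `geteuid() != 0` check at the top of launcher_direct_connect() removes the function's explicit privilege gate and puts nothing in its place, so a non-root caller now proceeds straight to the zalloc() and the rest of the setup. The commit message relies on a later startup error when rights are missing, but that only covers the case where the device nodes are still restricted; once the tty ownership has been adjusted as the message describes, nothing in this hunk reports that the direct launcher is running unprivileged. If the check has to go, replace the silent `return -EINVAL` with a logged warning rather than dropping it outright, and state in the commit message or a comment which device permissions a non-root setup is expected to have.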
> >
> > NAK, for the reasons explained in
> > https://lists.freedesktop.org/archives/wayland-devel/2017-October/035582.html
> >
> > To summarize, it's not only tty permissions but DRM and input devices
> > as well. If you set all these so that weston can actually run without
> > root using the direct launcher, then quite likely you have opened some
> > security holes.  
> 
> 
> Just to confirm then: you are asserting that Weston is making a policy
> decision that the system has been configured poorly if it finds that, even
> though all the requested ioctl()'s and open()'s and friends have succeeded,
> that it didn't happen to be running as root?

In launcher-direct case, yes. It requiring root user specifically should
be an obvious big warning flag to point out that you probably should
not be using it in production. Maybe we failed to communicate that?

The documentation is scarce on the topic, IIRC.


Thanks,
pq