[RFC] weston-launch: add option to start compositors other than weston

Pekka Paalanen ppaalanen at gmail.com
Mon Mar 19 10:24:37 UTC 2018


On Mon, 19 Mar 2018 11:41:46 +0200
Ilia Bozhinov <ammen99 at gmail.com> wrote:

> This is helpful for other compositors which utilize libweston without
> systemd-login support.
> 
> Signed-off-by: Ilia Bozhinov <ammen99 at gmail.com>
> ---
>  libweston/weston-launch.c | 35 +++++++++++++++++++++--------------
>  1 file changed, 21 insertions(+), 14 deletions(-)
> 
> diff --git a/libweston/weston-launch.c b/libweston/weston-launch.c
> index 1adcf21a..b8bceea2 100644
> --- a/libweston/weston-launch.c
> +++ b/libweston/weston-launch.c
> @@ -116,6 +116,7 @@ struct weston_launch {
>  	pid_t child;
>  	int verbose;
>  	char *new_user;
> +	char *compositor_cmd;
>  };
>  
>  union cmsg_data { unsigned char b[4]; int fd; };
> @@ -624,7 +625,7 @@ setup_session(struct weston_launch *wl, char **child_argv)
>  	child_argv[0] = "/bin/sh";
>  	child_argv[1] = "-l";
>  	child_argv[2] = "-c";
> -	child_argv[3] = BINDIR "/weston \"$@\"";
> +	child_argv[3] = strcat(wl->compositor_cmd ?: BINDIR "/weston", "\"$@\"");
>  	child_argv[4] = "weston";
>  	return 5;
>  }
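
Review bot: strcat() in setup_session() writes into its first argument, which here is either the string literal BINDIR "/weston" (read-only storage, so undefined behaviour) or whatever buffer wl->compositor_cmd points at, for which no extra room is reserved anywhere in the visible patch. The space that separated the command from "$@" in the removed line is also gone, so the shell would receive the path and the arguments fused into one word, and because the value becomes part of the sh -c command text, any shell metacharacters in it are interpreted. Build the command in a separately allocated buffer sized for both parts, check the allocation, keep the separating space, and pass the compositor path as a positional parameter instead of pasting it into the command string.
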
> @@ -652,7 +653,7 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
>  	if (wl->new_user) {
>  		o = setup_session(wl, child_argv);
>  	} else {
> -		child_argv[0] = BINDIR "/weston";
> +		child_argv[0] = wl->compositor_cmd ?: BINDIR "/weston";
>  		o = 1;
>  	}
>  	for (i = 0; i < argc; ++i)
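
Review bot: child_argv[0] in launch_compositor() now takes wl->compositor_cmd exactly as supplied, and nothing in this hunk checks that it is an absolute path or a binary the launcher is meant to start. Validate the value before it reaches child_argv, since this is the path the launcher goes on to start. As a style point, ?: with the middle operand omitted is a GNU C extension; writing out wl->compositor_cmd ? wl->compositor_cmd : BINDIR "/weston" keeps the file portable.
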
> @@ -683,12 +684,14 @@ static void
>  help(const char *name)
>  {
>  	fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n", name);
> -	fprintf(stderr, "  -u, --user      Start session as specified username,\n"
> -			"                  e.g. -u joe, requires root.\n");
> -	fprintf(stderr, "  -t, --tty       Start session on alternative tty,\n"
> -			"                  e.g. -t /dev/tty4, requires -u option.\n");
> -	fprintf(stderr, "  -v, --verbose   Be verbose\n");
> -	fprintf(stderr, "  -h, --help      Display this help message\n");
> +	fprintf(stderr, "  -u, --user       Start session as specified username,\n"
> +			"                   e.g. -u joe, requires root.\n");
> +	fprintf(stderr, "  -t, --tty        Start session on alternative tty,\n"
> +			"                   e.g. -t /dev/tty4, requires -u option.\n");
> +	fprintf(stderr, "  -c, --compositor Start a compositor other than weston,\n"
> +			"                   e.g. -c /usr/bin/weston.\n");
> +	fprintf(stderr, "  -v, --verbose    Be verbose\n");
> +	fprintf(stderr, "  -h, --help       Display this help message\n");
>  }
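
Review bot: the example in the new -c help text is /usr/bin/weston, which is the default this option is meant to replace, and the Usage line at the top of help() still says "weston args". Use a non-weston path in the example, reword the usage line to refer to compositor arguments, and say in the help text whether -c carries any restriction (the -u entry states "requires root") so that the option's privilege implications are documented where users will read them.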

Hi,

I do not think we can do this. weston-launch is a setuid-root program,
which gives the program it launches special privileges to e.g. open
input devices. If we do not restrict the possible programs it can
launch, anyone who can run weston-launch will be able to spy on all
input devices by using weston-launch to run a spy program.

If we had a trusted list of compositor binaries in trusted system
paths (a la /etc/shells), then that might work, but I don't trust
myself enough to say it would be a secure solution.


Thanks,
pq
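
The trusted-list idea raised in the reply above (a list of compositor binaries in trusted system paths, a la /etc/shells), sketched as an added example; it is not part of the original message or of weston-launch. The function names, the list format (one absolute path per line) and the owner parameter are assumptions; parent directories are not checked.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Trusted = regular file, owned by `owner`, not group/world writable. */
static int
trusted_file(int fd, uid_t owner)
{
	struct stat st;

	if (fstat(fd, &st) < 0)
		return 0;
	return S_ISREG(st.st_mode) && st.st_uid == owner &&
	       !(st.st_mode & (S_IWGRP | S_IWOTH));
}

/* Hypothetical helper: returns an open fd for `candidate` only if it is
 * listed in `list_path` and both files pass trusted_file(); -1 otherwise.
 * The fd can be handed to fexecve() so the path is not resolved again.
 * `owner` would be 0 in a setuid-root launcher; it is a parameter here so
 * the check can be exercised without privileges. */
int
open_listed_compositor(const char *list_path, const char *candidate, uid_t owner)
{
	char line[4096];
	int fd, listed = 0;
	FILE *fp;

	if (candidate[0] != '/')	/* absolute paths only */
		return -1;
	fd = open(list_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
	if (fd < 0)
		return -1;
	if (!trusted_file(fd, owner) || !(fp = fdopen(fd, "r"))) {
		close(fd);
		return -1;
	}
	while (!listed && fgets(line, sizeof line, fp)) {
		line[strcspn(line, "\n")] = '\0';
		listed = line[0] == '/' && strcmp(line, candidate) == 0;
	}
	fclose(fp);
	if (!listed)
		return -1;
	fd = open(candidate, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
	if (fd >= 0 && !trusted_file(fd, owner)) {
		close(fd);
		fd = -1;
	}
	return fd;
}
```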