[RFC] weston-launch: add option to start compositors other than weston
Ilia Bozhinov
ammen99 at gmail.com
Mon Mar 19 10:33:27 UTC 2018
Oops, sorry, I didn't consider that and I should have. Mods should remove
this patch.
But anyway, does that mean every compositor should provide its own version
of weston-launch or require systemd-login?
On Mon, Mar 19, 2018 at 12:24 PM, Pekka Paalanen <ppaalanen at gmail.com>
wrote:
> On Mon, 19 Mar 2018 11:41:46 +0200
> Ilia Bozhinov <ammen99 at gmail.com> wrote:
>
> > This is helpful for other compositors which utilize libweston without
> > systemd-login support.
> >
> > Signed-off-by: Ilia Bozhinov <ammen99 at gmail.com>
> > ---
> > libweston/weston-launch.c | 35 +++++++++++++++++++++--------------
> > 1 file changed, 21 insertions(+), 14 deletions(-)
> >
> > diff --git a/libweston/weston-launch.c b/libweston/weston-launch.c
> > index 1adcf21a..b8bceea2 100644
> > --- a/libweston/weston-launch.c
> > +++ b/libweston/weston-launch.c
> > @@ -116,6 +116,7 @@ struct weston_launch {
> > pid_t child;
> > int verbose;
> > char *new_user;
> > + char *compositor_cmd;
> > };
> >
> > union cmsg_data { unsigned char b[4]; int fd; };
> > @@ -624,7 +625,7 @@ setup_session(struct weston_launch *wl, char
> **child_argv)
> > child_argv[0] = "/bin/sh";
> > child_argv[1] = "-l";
> > child_argv[2] = "-c";
> > - child_argv[3] = BINDIR "/weston \"$@\"";
> > + child_argv[3] = strcat(wl->compositor_cmd ?: BINDIR "/weston",
> "\"$@\"");
> > child_argv[4] = "weston";
> > return 5;
> > }
> > @@ -652,7 +653,7 @@ launch_compositor(struct weston_launch *wl, int
> argc, char *argv[])
> > if (wl->new_user) {
> > o = setup_session(wl, child_argv);
> > } else {
> > - child_argv[0] = BINDIR "/weston";
> > + child_argv[0] = wl->compositor_cmd ?: BINDIR "/weston";
> > o = 1;
> > }
> > for (i = 0; i < argc; ++i)
> > @@ -683,12 +684,14 @@ static void
> > help(const char *name)
> > {
> > fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n",
> name);
> > - fprintf(stderr, " -u, --user Start session as specified
> username,\n"
> > - " e.g. -u joe, requires root.\n");
> > - fprintf(stderr, " -t, --tty Start session on alternative
> tty,\n"
> > - " e.g. -t /dev/tty4, requires -u
> option.\n");
> > - fprintf(stderr, " -v, --verbose Be verbose\n");
> > - fprintf(stderr, " -h, --help Display this help message\n");
> > + fprintf(stderr, " -u, --user Start session as specified
> username,\n"
> > + " e.g. -u joe, requires
> root.\n");
> > + fprintf(stderr, " -t, --tty Start session on alternative
> tty,\n"
> > + " e.g. -t /dev/tty4, requires -u
> option.\n");
> > + fprintf(stderr, " -c, --compositor Start a compositor other than
> weston,\n"
> > + " e.g. -c /usr/bin/weston.\n");
> > + fprintf(stderr, " -v, --verbose Be verbose\n");
> > + fprintf(stderr, " -h, --help Display this help message\n");
> > }
>
> Hi,
>
> I do not think we can do this. weston-launch is a setuid-root program,
> which gives the program it launches special privileges to e.g. open
> input devices. If we do not restrict the possible programs it can
> launch, anyone who can run weston-launch will be able to spy on all
> input devices by using weston-launch to run a spy program.
>
> If we had a trusted list of compositor binaries in trusted system
> paths (a la /etc/shells), then that might work, but I don't trust
> myself enough to say it would be a secure solution.
>
>
> Thanks,
> pq
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20180319/4405a427/attachment-0001.html>
More information about the wayland-devel
mailing list