From: Johan Malm Date: Fri, 14 Oct 2022 22:27:42 +0000 (+0100) Subject: Refuse to start when SUID is detected X-Git-Url: https://git.mdlowis.com/?a=commitdiff_plain;h=573a521cf1363257d1d83bcadbb3d74b76baa558;p=proto%2Flabwc.git Refuse to start when SUID is detected This ensures that those surprised by the deprecation of SUID operation receive an error rather than accidentally having run as root. swaywm/sway@e572805
---
diff --git a/src/main.c b/src/main.c
index 04d020cb..b7d7bbb3 100644
--- a/src/main.c
+++ b/src/main.c
@@ -47,6 +47,19 @@ usage(void)
 exit(0);
 }
+static void
+die_on_detecting_suid(void)
+{
+ if (geteuid() != 0 && getegid() != 0) {
+ return;
+ }
+ if (getuid() == geteuid() && getgid() == getegid()) {
+ return;
+ }
+ wlr_log(WLR_ERROR, "SUID detected - aborting");
+ exit(EXIT_FAILURE);
+}
+
 static void
 send_signal_to_labwc_pid(int signal)
 {
@@ -118,6 +131,8 @@ main(int argc, char *argv[])
 wlr_log_init(verbosity, NULL);
+ die_on_detecting_suid();
+
 if (!rc.config_dir) {
 rc.config_dir = config_dir();
 }
diff --git a/src/server.c b/src/server.c
index 7195d7d5..f6a12249 100644
--- a/src/server.c
+++ b/src/server.c
@@ -66,28 +66,6 @@ handle_sigterm(int signal, void *data)
 return 0;
 }
-static void
-drop_permissions(void)
-{
- if (getuid() != geteuid() || getgid() != getegid()) {
- wlr_log(WLR_ERROR, "!!! DEPRECATION WARNING: "
- "SUID privilege drop will be removed in future releases; "
- "Please migrate to seatd-launch");
- if (setgid(getgid())) {
- wlr_log(WLR_ERROR, "unable to drop root group");
- exit(EXIT_FAILURE);
- }
- if (setuid(getuid())) {
- wlr_log(WLR_ERROR, "unable to drop root user");
- exit(EXIT_FAILURE);
- }
- }
- if (setgid(0) != -1 || setuid(0) != -1) {
- wlr_log(WLR_ERROR, "unable to drop root");
- exit(EXIT_FAILURE);
- }
-}
-
 static void
 seat_inhibit_input(struct seat *seat, struct wl_client *active_client)
 {
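Review bot: In src/main.c, the first `if` of `die_on_detecting_suid()` returns whenever neither effective ID is 0, so a binary installed setuid or setgid to a non-root account (real and effective IDs differ, neither is root) starts normally and keeps the elevated IDs. The `drop_permissions()` that this commit removes from src/server.c acted on any mismatch (`getuid() != geteuid() || getgid() != getegid()`), so that case loses its privilege drop without gaining the abort. Removing the first `if` and keeping only the equality test as the early return, `if (getuid() == geteuid() && getgid() == getegid()) { return; }`, refuses every real/effective mismatch while still allowing a plain root login. A one-line comment above the function stating that it compares real with effective IDs, and which cases are deliberately allowed, would make the intent reviewable.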
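Review bot: In the second src/main.c hunk the call to `die_on_detecting_suid()` is placed after `wlr_log_init(verbosity, NULL)`, so whatever `main` does before that point still runs with the elevated IDs when the binary is setuid. That earlier part of `main` is outside the hunk, but `verbosity` already being set suggests command-line handling happens first. The helper only reads process IDs, so it could be the first statement of `main`, ahead of any argument or environment processing. If logging through `wlr_log` before `wlr_log_init` is a concern, `fprintf(stderr, "SUID detected - aborting\n");` in the helper removes the ordering dependency.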
@@ -217,16 +195,6 @@ server_init(struct server *server)
 exit(EXIT_FAILURE);
 }
- /*
- * The wlroots library makes use of systemd's logind to handle sessions
- * and to allow compositors to run without elevated privileges.
- * If running without logind or elogind, users may choose to set the
- * setuid bit on the labwc executable despite associated security
- * implications. In order to support this, but limit the elevated
- * privileges as much as possible, we drop permissions at this point.
- */
- drop_permissions();
-
 /*
 * Autocreates a renderer, either Pixman, GLES2 or Vulkan for us. The
 * user can also specify a renderer using the WLR_RENDERER env var.