tDrop privileges early when running with setuid() - spkp - Stacking wayland compositor
(HTM) git clone git://git.z3bra.org/spkp.git
(DIR) Log
(DIR) Files
(DIR) Refs
---
(DIR) commit f8c6fea6bb1813f6e180c792abbdccda07596d8f
(DIR) parent b8473ae7484a34f82ef3d7bebdaf2a3fef9c91bf
(HTM) Author: Willy Goiffon <dev@z3bra.org>
Date: Sat, 14 Nov 2020 13:52:11 +0100
Drop privileges early when running with setuid()
Diffstat:
M compositor.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
---
(DIR) diff --git a/compositor.c b/compositor.c
t@@ -197,6 +197,7 @@ static void add_pointer(struct state *, struct wlr_input_device *);
static void render(struct wlr_surface *, int, int, void *);
static void render_border(struct wlr_box *, struct rdata *, int);
static void focus(struct window *);
+static int dropprivilege();
static int keybinding(struct state *, uint32_t, uint32_t, enum wlr_key_state);
static struct window *underneath(struct state *, double, double);
t@@ -978,6 +979,22 @@ focus(struct window *window)
}
/*
+ * Drop current privileges to run as current user.
+ */
+int
+dropprivilege()
+{
+ if (getuid() == geteuid() && getgid() == getegid())
+ return 1;
+
+ if (!setgid(getgid()) && !setuid(getuid()))
+ return 1;
+
+ return 0;
+}
+
+
+/*
* Execute specific functions when an modifier/key combination is pressed.
*/
int
t@@ -1137,10 +1154,14 @@ main(int argc, char *argv[])
* create server side resources
*/
server.dpy = wl_display_create();
+ server.backend = wlr_backend_autocreate(server.dpy, NULL);
+
+ if (!dropprivilege())
+ return -1;
+
server.seat = wlr_seat_create(server.dpy, "seat0");
server.shell = wlr_xdg_shell_create(server.dpy);
server.layout = wlr_output_layout_create();
- server.backend = wlr_backend_autocreate(server.dpy, NULL);
server.renderer = wlr_backend_get_renderer(server.backend);
server.chrome_mgr = wlr_xdg_decoration_manager_v1_create(server.dpy);