weston-launch: always drop privileges before execve

The current code works if pw->pw_shell is bash because:
 "If the shell is started with the effective user (group) id not equal to
 the real user (group) id, and the -p option is not supplied, these actions
 are taken and the effective user id is set to the real user id."

Thus, for bash, weston's EUID == UID.

For zsh, the -p option "is enabled automatically on startup if the effective
user (group) ID is not equal to the real user (group) ID."
Thus, weston's EUID = 0, and if pw_shell is zsh, /run/user/$UID/wayland-0 is
created with euid root and not writeable by the user, causing all clients to
fail.

Fix this by always dropping privileges to the user.

Regression introduced in 636156d.
dev
Peter Hutterer 12 years ago committed by Kristian Høgsberg
parent 4477fee1c3
commit 34be0608c7
  1. 20
      src/weston-launch.c

@ -513,13 +513,6 @@ setup_session(struct weston_launch *wl)
error(1, errno, "TIOCSCTTY failed - tty is in use");
}
if (setgid(wl->pw->pw_gid) < 0 ||
#ifdef HAVE_INITGROUPS
initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
#endif
setuid(wl->pw->pw_uid) < 0)
error(1, errno, "dropping privileges failed");
term = getenv("TERM");
clearenv();
setenv("TERM", term, 1);
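Review bot: With the setgid/initgroups/setuid block taken out of setup_session, everything after the TIOCSCTTY check in this function now runs before privileges are dropped. That is harmless for the getenv/clearenv/setenv calls visible here, but setup_session should carry a comment stating that the drop now happens later in launch_compositor, so that code added to this function in future does not assume it already runs as the target user.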
@ -538,6 +531,17 @@ setup_session(struct weston_launch *wl)
}
}
static void
drop_privileges(struct weston_launch *wl)
{
if (setgid(wl->pw->pw_gid) < 0 ||
#ifdef HAVE_INITGROUPS
initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
#endif
setuid(wl->pw->pw_uid) < 0)
error(1, errno, "dropping privileges failed");
}
static void
launch_compositor(struct weston_launch *wl, int argc, char *argv[])
{
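Review bot: In drop_privileges, when HAVE_INITGROUPS is not defined the supplementary group list is never reset, so after setgid and setuid succeed the process still carries whatever supplementary groups the launching process had. Consider a fallback for that build configuration, for example setgroups() with only wl->pw->pw_gid, or refuse to build without initgroups. The function would also benefit from a short comment that the group calls must come before setuid, because once the UID is dropped the process can no longer change its groups.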
@ -550,6 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
if (wl->new_user)
setup_session(wl);
drop_privileges(wl);
if (wl->tty != STDIN_FILENO)
setenv_fd("WESTON_TTY_FD", wl->tty);
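Review bot: drop_privileges(wl) now runs on every path through launch_compositor, including when wl->new_user is false, and it dereferences wl->pw unconditionally, whereas in the lines shown the only other user of wl->pw is setup_session, which is called under new_user. Confirm that wl->pw is always populated before this point, or check it and fail with error() before the call. Since the drop now precedes setenv_fd("WESTON_TTY_FD", wl->tty) and everything after it, nothing below this line may depend on elevated privileges.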
