weston-launch: always drop privileges before execve

The current code works if pw->pw_shell is bash because: "If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, these actions are taken and the effective user id is set to the real user id." Thus, for bash, weston's EUID == UID. For zsh, the -p option "is enabled automatically on startup if the effective user (group) ID is not equal to the real user (group) ID." Thus, weston's EUID = 0, and if pw_shell is zsh, /run/user/$UID/wayland-0 is created with euid root and not writeable by the user, causing all clients to fail. Fix this by always dropping privileges to the user. Regression introduced in 636156d.
12 years ago · 34be0608c7
parent 4477fee1c3
commit 34be0608c7
1 changed files with 13 additions and 7 deletions
--- a/src/weston-launch.c
+++ b/src/weston-launch.c
@ -513,13 +513,6 @@ setup_session(struct weston_launch *wl)
 			error(1, errno, "TIOCSCTTY failed - tty is in use");
 	}

-	if (setgid(wl->pw->pw_gid) < 0 ||
-#ifdef HAVE_INITGROUPS
-	    initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
-#endif
-	    setuid(wl->pw->pw_uid) < 0)
-		error(1, errno, "dropping privileges failed");
-
 	term = getenv("TERM");
 	clearenv();
 	setenv("TERM", term, 1);
@ -538,6 +531,17 @@ setup_session(struct weston_launch *wl)
 	}
 }

+static void
+drop_privileges(struct weston_launch *wl)
+{
+	if (setgid(wl->pw->pw_gid) < 0 ||
+#ifdef HAVE_INITGROUPS
+	    initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
+#endif
+	    setuid(wl->pw->pw_uid) < 0)
+		error(1, errno, "dropping privileges failed");
+}
+
 static void
 launch_compositor(struct weston_launch *wl, int argc, char *argv[])
 {
@ -550,6 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
 	if (wl->new_user)
 		setup_session(wl);

+	drop_privileges(wl);
+
 	if (wl->tty != STDIN_FILENO)
 		setenv_fd("WESTON_TTY_FD", wl->tty);