From 34be0608c786cbc93e14c198d5cd257a253d30d5 Mon Sep 17 00:00:00 2001
From: Peter Hutterer
Date: Tue, 6 Aug 2013 12:10:09 +1000
Subject: [PATCH] weston-launch: always drop privileges before execve

The current code works if pw->pw_shell is bash because: "If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, these actions are taken and the effective user id is set to the real user id." Thus, for bash, weston's EUID == UID. For zsh, the -p option "is enabled automatically on startup if the effective user (group) ID is not equal to the real user (group) ID." Thus, weston's EUID = 0, and if pw_shell is zsh, /run/user/$UID/wayland-0 is created with euid root and not writeable by the user, causing all clients to fail. Fix this by always dropping privileges to the user. Regression introduced in 636156d.
---
 src/weston-launch.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/weston-launch.c b/src/weston-launch.c
index a1118128..5b030945 100644
--- a/src/weston-launch.c
+++ b/src/weston-launch.c
@@ -513,13 +513,6 @@ setup_session(struct weston_launch *wl)
 error(1, errno, "TIOCSCTTY failed - tty is in use");
 }
- if (setgid(wl->pw->pw_gid) < 0 ||
-#ifdef HAVE_INITGROUPS
- initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
-#endif
- setuid(wl->pw->pw_uid) < 0)
- error(1, errno, "dropping privileges failed");
-
 term = getenv("TERM");
 clearenv();
 setenv("TERM", term, 1);
@@ -538,6 +531,17 @@ setup_session(struct weston_launch *wl)
 }
 }
+static void
+drop_privileges(struct weston_launch *wl)
+{
+ if (setgid(wl->pw->pw_gid) < 0 ||
+#ifdef HAVE_INITGROUPS
+ initgroups(wl->pw->pw_name, wl->pw->pw_gid) < 0 ||
+#endif
+ setuid(wl->pw->pw_uid) < 0)
+ error(1, errno, "dropping privileges failed");
+}
+
 static void
 launch_compositor(struct weston_launch *wl, int argc, char *argv[])
 {
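Review bot: In the new drop_privileges(), a build without HAVE_INITGROUPS calls only setgid() and setuid(), so the child keeps whatever supplementary groups the launcher process already had; in the wl->new_user case those are presumably the groups of whoever started the launcher rather than of the target user. An `#else` branch that calls setgroups() closes that gap (it needs <grp.h>, which is probably already included for initgroups() but is not visible here). The function should also confirm after the drop that root cannot be regained, since the commit message shows how long a leftover effective UID of 0 went unnoticed.

```c
#ifdef HAVE_INITGROUPS
	/* … unchanged: initgroups() term of the condition … */
#else
	    /* no initgroups(): still replace the inherited supplementary groups */
	    setgroups(1, &wl->pw->pw_gid) < 0 ||
#endif
	/* … unchanged: setuid() term and the error() call … */

	/* setuid() reported success; make sure the drop is permanent */
	if (wl->pw->pw_uid != 0 && setuid(0) == 0)
		error(1, 0, "privileges were not dropped permanently");
```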
@@ -550,6 +554,8 @@ launch_compositor(struct weston_launch *wl, int argc, char *argv[])
 if (wl->new_user)
 setup_session(wl);
+ drop_privileges(wl);
+
 if (wl->tty != STDIN_FILENO)
 setenv_fd("WESTON_TTY_FD", wl->tty);
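Review bot: Calling drop_privileges() only after setup_session() means that everything in setup_session() after the old drop location now runs with an effective UID of 0 when wl->new_user is set. Only the TERM/clearenv lines of that stretch are visible in the first hunk, so the rest of the function should be checked for anything that opens or creates files or acts on user-controlled paths. The call also deserves a comment so the ordering is not moved again, for example `/* must precede execve and any file creation: not every shell resets EUID to UID (zsh does not) */`. launch_compositor's body starts and ends outside this hunk.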