commit: eacb154d166531eebf7682b6af8041529c044bdc
parent: fd988723948cc946481a66ab5256339c20982609
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Mon, 1 Jul 2019 06:20:52 +0200
inaban: Forbid running as root, drop permission if setuid
Diffstat:
1 file changed, 28 insertions(+), 0 deletions(-)
diff --git a/inaban.c b/inaban.c
@@ -853,9 +853,35 @@ server_new_xdg_surface(struct wl_listener *listener, void *data)
wl_list_insert(&server->views, &view->link);
}
+static bool
+drop_permissions(void)
+{
+ if(getuid() != geteuid() || getgid() != getegid())
+ {
+ if(setuid(getuid()) != 0 || setgid(getgid()) != 0)
+ {
+ wlr_log(WLR_ERROR, "Unable to drop root, refusing to continue");
+ return false;
+ }
+ if(geteuid() == 0 && getegid() == 0)
+ {
+ wlr_log(WLR_ERROR,
+ "Still effectively running as root after dropping permissions, refusing to continue");
+ return false;
+ }
+ }
+
+ return true;
+}
+
int
main(int argc, char *argv[])
{
+ if(geteuid() == 0 && getegid() == 0)
+ {
+ wlr_log(WLR_ERROR, "Running as root is unsupported, refusing to continue");
+ return false;
+ }
wlr_log_init(WLR_DEBUG, NULL);
char *startup_cmd = NULL;
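Review bot: In drop_permissions() the user ID is dropped before the group ID, so in a binary that is both setuid and setgid the later `setgid(getgid())` runs without privilege and, on POSIX systems, would typically change only the effective group ID, leaving the saved set-group-ID recoverable. Drop the group first: `if(setgid(getgid()) != 0 || setuid(getuid()) != 0)`. The post-drop test only fails when both effective IDs are 0, so a process left with just one of them at 0 passes it; `if(geteuid() == 0 || getegid() == 0)` covers both. The check at the top of main() lets a setuid-root launch through only because the effective group is non-zero there, so testing the real ID (`getuid() == 0`) would state that intent directly. That branch also ends in `return false;`, which exits with status 0, where `return EXIT_FAILURE;` is presumably meant. It logs before `wlr_log_init()` has run too, so whether the message appears depends on wlroots' default logger.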
@@ -888,6 +914,8 @@ main(int argc, char *argv[])
* don't). */
server.backend = wlr_backend_autocreate(server.wl_display, NULL);
+ if(!drop_permissions()) abort();
+
/* If we don't provide a renderer, autocreate makes a GLES2 renderer for us.
* The renderer is responsible for defining the various pixel formats it
* supports for shared memory, this configures that for clients. */
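Review bot: The placement of `drop_permissions()` directly after `wlr_backend_autocreate()` is security-relevant but carries no comment, so a later reordering of main() could silently move privileged work past the drop or move the drop ahead of backend setup. A short comment would pin it, e.g. `/* Elevated IDs are presumably only needed for backend/session setup above; drop them before anything else runs. */`. On failure `abort()` raises SIGABRT rather than taking a normal error exit; `if(!drop_permissions()) return EXIT_FAILURE;` reports the refusal through the exit status in the same way as the other startup checks. main() continues outside this hunk, so any cleanup it expects on the error path is not visible here.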