mirror of
https://github.com/swaywm/sway.git
synced 2025-01-28 13:55:08 +01:00
Fix ordering of setgid and setuid
It looks like the code to drop privileges may have been broken via
commit 37f0e1f
. That commit reverted the correct order from #911, which
first drops the gid then the uid. If setuid is called first then the
target user may not have the ability to setgid.
This commit is contained in:
parent
0b709702c1
commit
31a83bd48d
1 changed files with 8 additions and 3 deletions
11
sway/main.c
11
sway/main.c
|
@ -186,12 +186,17 @@ static void log_kernel(void) {
|
||||||
|
|
||||||
static bool drop_permissions(void) {
|
static bool drop_permissions(void) {
|
||||||
if (getuid() != geteuid() || getgid() != getegid()) {
|
if (getuid() != geteuid() || getgid() != getegid()) {
|
||||||
if (setuid(getuid()) != 0 || setgid(getgid()) != 0) {
|
// Set the gid and uid in the correct order.
|
||||||
sway_log(SWAY_ERROR, "Unable to drop root, refusing to start");
|
if (setgid(getgid()) != 0) {
|
||||||
|
sway_log(SWAY_ERROR, "Unable to drop root group, refusing to start");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (setuid(getuid()) != 0) {
|
||||||
|
sway_log(SWAY_ERROR, "Unable to drop root user, refusing to start");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (setuid(0) != -1) {
|
if (setgid(0) != -1 || setuid(0) != -1) {
|
||||||
sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
|
sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
|
||||||
"restore it after setuid), refusing to start");
|
"restore it after setuid), refusing to start");
|
||||||
return false;
|
return false;
|
||||||
|
|
Loading…
Reference in a new issue