author | Benjamin Franzke <benjaminfranzke@googlemail.com> | 2012-01-24 16:37:15 +0100 |
---|---|---|
committer | Kristian Høgsberg <krh@bitplanet.net> | 2012-01-24 11:26:41 -0500 |
commit | fc6ccb868fa735ee9c6592806f381aa1262bf0b2 (patch) | |
tree | 18efad5653209b6e8c242b2b33dcad8caa5300d1 | |
parent | ef548fd3cad98ea98220f59eb7ce8b41afb2305a (diff) |
weston: Drop priviledges early, and seteuid when needed
-rw-r--r-- | src/compositor.c | 3 | ||||
-rw-r--r-- | src/evdev.c | 6 | ||||
-rw-r--r-- | src/tty.c | 11 |
3 files changed, 20 insertions, 0 deletions
diff --git a/src/compositor.c b/src/compositor.c index b4c766c..17fbc39 100644 --- a/src/compositor.c +++ b/src/compositor.c @@ -2088,6 +2088,9 @@ int main(int argc, char *argv[]) { NULL, } }; + /* Drop privilidges early, use getresuid when needed again */ + seteuid(getuid()); + while (o = getopt_long(argc, argv, opts, longopts, &o), o > 0) { switch (o) { case 'B': diff --git a/src/evdev.c b/src/evdev.c index f489ede..101b63f 100644 --- a/src/evdev.c +++ b/src/evdev.c @@ -20,6 +20,8 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#define _GNU_SOURCE + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -439,6 +441,7 @@ evdev_input_device_create(struct evdev_input *master, struct evdev_input_device *device; struct wl_event_loop *loop; struct weston_compositor *ec; + uid_t saved_uid, uid, euid; device = malloc(sizeof *device); if (device == NULL) @@ -456,7 +459,10 @@ evdev_input_device_create(struct evdev_input *master, device->rel.dx = 0; device->rel.dy = 0; + getresuid(&uid, &euid, &saved_uid); + seteuid(saved_uid); device->fd = open(path, O_RDONLY); + seteuid(euid); if (device->fd < 0) goto err0; @@ -20,6 +20,8 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#define _GNU_SOURCE + #include <termios.h> #include <stdio.h> #include <stdlib.h> @@ -128,6 +130,7 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func, struct wl_event_loop *loop; struct stat buf; char filename[16]; + uid_t saved_uid, uid, euid; tty = malloc(sizeof *tty); if (tty == NULL) @@ -136,6 +139,8 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func, memset(tty, 0, sizeof *tty); tty->compositor = compositor; tty->vt_func = vt_func; + getresuid(&uid, &euid, &saved_uid); + seteuid(saved_uid); if (tty_nr > 0) { snprintf(filename, sizeof filename, "/dev/tty%d", tty_nr); fprintf(stderr, "compositor: using %s\n", filename); 
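Review bot: The `seteuid(getuid());` call added ahead of option parsing in main() ignores its return value, so a failed call leaves the compositor running with its original effective uid and nothing reports it. Treat failure as fatal, e.g. `if (seteuid(getuid()) < 0) { fprintf(stderr, "failed to drop privileges: %m\n"); exit(EXIT_FAILURE); }`. The same unchecked pattern recurs in the evdev.c and tty.c hunks, where a failed `seteuid(euid)` would leave the process elevated after the privileged open. Because seteuid() changes only the effective uid and leaves the saved set-user-ID and the group IDs untouched, the comment would be more accurate as `/* Temporarily drop the effective uid; the saved uid is kept so privileged opens can seteuid() back */`. main() continues outside the hunk.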
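Review bot: `open(path, O_RDONLY)` in the `@@ -456,7 +459,10 @@` hunk of src/evdev.c now runs with the saved uid's privileges, but nothing in the hunk constrains `path` or checks what was actually opened. Where `path` comes from is not visible here, so the contract should be stated on the function, e.g. `/* path must be a device node reported by udev; it is opened with the saved (privileged) uid */`. A cheap check after the open is to `fstat()` the descriptor and reject anything that is not `S_ISCHR`. `seteuid(euid)` also runs before `device->fd < 0` is tested, so it can overwrite the errno of a failed open; save errno first if the error path ever reports it. evdev_input_device_create() starts and ends outside the hunk.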
@@ -152,11 +157,13 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func, if (tty->fd <= 0) { fprintf(stderr, "failed to open tty: %m\n"); + seteuid(euid); return NULL; } if (tcgetattr(tty->fd, &tty->terminal_attributes) < 0) { fprintf(stderr, "could not get terminal attributes: %m\n"); + seteuid(euid); return NULL; } @@ -178,6 +185,7 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func, ret = ioctl(tty->fd, KDSETMODE, KD_GRAPHICS); if (ret) { fprintf(stderr, "failed to set KD_GRAPHICS mode on tty: %m\n"); + seteuid(euid); return NULL; } @@ -187,9 +195,12 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func, mode.acqsig = SIGUSR1; if (ioctl(tty->fd, VT_SETMODE, &mode) < 0) { fprintf(stderr, "failed to take control of vt handling\n"); + seteuid(euid); return NULL; } + seteuid(euid); + tty->vt_source = wl_event_loop_add_signal(loop, SIGUSR1, vt_handler, tty); |
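Review bot: Restoring the effective uid is repeated by hand before each `return NULL` in tty_create(), so an exit path this commit did not touch (the code between these hunks is not visible) or one added later would return with the elevated euid still in place. A single exit label keeps the restore in one place and gives somewhere to check its result. The elevation starts in the `@@ -136,6 +139,8 @@` hunk and also covers the snprintf/fprintf calls; it could be narrowed to the calls that actually need it. The error paths shown also return without releasing `tty` or closing `tty->fd`, which the same label could take care of. tty_create() begins and ends outside these hunks.

```c
	if (tty->fd <= 0) {
		fprintf(stderr, "failed to open tty: %m\n");
		goto err_euid;
	}
	/* … unchanged: tcgetattr, KDSETMODE and VT_SETMODE checks, each now ending in goto err_euid … */

	if (seteuid(euid) < 0) {
		fprintf(stderr, "failed to restore effective uid: %m\n");
		abort();
	}
	/* … unchanged: wl_event_loop_add_signal and the rest of tty_create … */

err_euid:
	if (seteuid(euid) < 0)
		abort();	/* never continue with the privileged euid */
	return NULL;
```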