authorBenjamin Franzke <benjaminfranzke@googlemail.com>2012-01-24 16:37:15 +0100
committerKristian Høgsberg <krh@bitplanet.net>2012-01-24 11:26:41 -0500
commitfc6ccb868fa735ee9c6592806f381aa1262bf0b2 (patch)
tree18efad5653209b6e8c242b2b33dcad8caa5300d1
parentef548fd3cad98ea98220f59eb7ce8b41afb2305a (diff)
weston: Drop priviledges early, and seteuid when needed
-rw-r--r--src/compositor.c3
-rw-r--r--src/evdev.c6
-rw-r--r--src/tty.c11
3 files changed, 20 insertions, 0 deletions
diff --git a/src/compositor.c b/src/compositor.c
index b4c766c..17fbc39 100644
--- a/src/compositor.c
+++ b/src/compositor.c
@@ -2088,6 +2088,9 @@ int main(int argc, char *argv[])
{ NULL, }
};
+ /* Drop privilidges early, use getresuid when needed again */
+ seteuid(getuid());
+
while (o = getopt_long(argc, argv, opts, longopts, &o), o > 0) {
switch (o) {
case 'B':
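Review bot: The return value of `seteuid(getuid())` is ignored, so if the call ever fails, main() goes on to parse options and initialise the compositor with the elevated effective uid still in place. Check it and bail out, e.g. `if (seteuid(getuid()) < 0) { fprintf(stderr, "failed to drop privileges: %m\n"); exit(EXIT_FAILURE); }`. The same unchecked `getresuid`/`seteuid` calls appear in the evdev_input_device_create and tty_create hunks, where a failed `getresuid` would also leave `saved_uid` and `euid` uninitialised and a failed restore would leave the process elevated. This call changes only the effective uid and keeps the saved set-user-ID (the later hunks rely on that), so the comment would be more accurate as `/* Temporarily drop privileges; the saved uid is kept and re-raised where needed */`. main()'s body continues outside the hunk.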
diff --git a/src/evdev.c b/src/evdev.c
index f489ede..101b63f 100644
--- a/src/evdev.c
+++ b/src/evdev.c
@@ -20,6 +20,8 @@
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#define _GNU_SOURCE
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -439,6 +441,7 @@ evdev_input_device_create(struct evdev_input *master,
struct evdev_input_device *device;
struct wl_event_loop *loop;
struct weston_compositor *ec;
+ uid_t saved_uid, uid, euid;
device = malloc(sizeof *device);
if (device == NULL)
@@ -456,7 +459,10 @@ evdev_input_device_create(struct evdev_input *master,
device->rel.dx = 0;
device->rel.dy = 0;
+ getresuid(&uid, &euid, &saved_uid);
+ seteuid(saved_uid);
device->fd = open(path, O_RDONLY);
+ seteuid(euid);
if (device->fd < 0)
goto err0;
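Review bot: `open(path, O_RDONLY)` is now the one call in this function that runs with the saved (presumably root) euid, and the hunk does not show where `path` comes from. If it is always a device node reported by udev this is fine, but that assumption deserves a comment above the raise, e.g. `/* path comes from udev enumeration; it is opened with the saved uid, so it must never be user-supplied */`, to be confirmed against the callers. Also, `seteuid(euid)` runs between `open()` and the `device->fd < 0` test and may overwrite `errno`, which matters if the `err0` path or the caller reports it; saving `errno` around the restore avoids that. The function's body starts and ends outside the hunk.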
diff --git a/src/tty.c b/src/tty.c
index 249f5bb..e823dcb 100644
--- a/src/tty.c
+++ b/src/tty.c
@@ -20,6 +20,8 @@
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#define _GNU_SOURCE
+
#include <termios.h>
#include <stdio.h>
#include <stdlib.h>
@@ -128,6 +130,7 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func,
struct wl_event_loop *loop;
struct stat buf;
char filename[16];
+ uid_t saved_uid, uid, euid;
tty = malloc(sizeof *tty);
if (tty == NULL)
@@ -136,6 +139,8 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func,
memset(tty, 0, sizeof *tty);
tty->compositor = compositor;
tty->vt_func = vt_func;
+ getresuid(&uid, &euid, &saved_uid);
+ seteuid(saved_uid);
if (tty_nr > 0) {
snprintf(filename, sizeof filename, "/dev/tty%d", tty_nr);
fprintf(stderr, "compositor: using %s\n", filename);
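Review bot: From the `seteuid(saved_uid)` added here, the rest of tty_create runs elevated, and the restore is repeated by hand before each `return NULL` in the following three hunks plus once on the success path. Any exit between the raise and the final `seteuid(euid)` that is not visible in these hunks, or one added later, would return with the elevated euid still active. A single exit label keeps that in one place: replace each `seteuid(euid); return NULL;` with `goto err_euid;` and add `err_euid: seteuid(euid); return NULL;` at the end of the function. Narrowing the raised window to just the `open()` and the VT ioctls that need it would reduce the exposure further. The function's body starts and ends outside the hunk.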
@@ -152,11 +157,13 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func,
if (tty->fd <= 0) {
fprintf(stderr, "failed to open tty: %m\n");
+ seteuid(euid);
return NULL;
}
if (tcgetattr(tty->fd, &tty->terminal_attributes) < 0) {
fprintf(stderr, "could not get terminal attributes: %m\n");
+ seteuid(euid);
return NULL;
}
@@ -178,6 +185,7 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func,
ret = ioctl(tty->fd, KDSETMODE, KD_GRAPHICS);
if (ret) {
fprintf(stderr, "failed to set KD_GRAPHICS mode on tty: %m\n");
+ seteuid(euid);
return NULL;
}
@@ -187,9 +195,12 @@ tty_create(struct weston_compositor *compositor, tty_vt_func_t vt_func,
mode.acqsig = SIGUSR1;
if (ioctl(tty->fd, VT_SETMODE, &mode) < 0) {
fprintf(stderr, "failed to take control of vt handling\n");
+ seteuid(euid);
return NULL;
}
+ seteuid(euid);
+
tty->vt_source =
wl_event_loop_add_signal(loop, SIGUSR1, vt_handler, tty);