seatd-launch: Use absolute path for seatd

We previously used execlp to execute seatd, which had the effect of
searching PATH for the executable. This allowed the caller to control
what executable was run, which is bad if SUID has been set.

Instead, expose the absolute install path for seatd from meason as a
define, and use that in a call to execv.

2 files changed, 8 insertions, 4 deletions

diff --git a/meson.build b/meson.build
index 999380d..b6892c7 100644
--- a/meson.build
+++ b/meson.build
@@ -22,6 +22,8 @@ if defaultpath == ''
 	endif
 endif
 
+seatdpath = '@0@/@1@/seatd'.format(get_option('prefix'), get_option('bindir'))
+
 cc = meson.get_compiler('c')
 add_project_arguments(cc.get_supported_arguments(
 	[
@@ -41,7 +43,8 @@ add_project_arguments(cc.get_supported_arguments(
 		'-D_XOPEN_SOURCE=700',
 		'-D__BSD_VISIBLE',
 		'-DSEATD_VERSION="@0@"'.format(meson.project_version()),
-		'-DSEATD_DEFAULTPATH="@0@"'.format(defaultpath)
+		'-DSEATD_DEFAULTPATH="@0@"'.format(defaultpath),
+		'-DSEATD_INSTALLPATH="@0@"'.format(seatdpath),
 	]),
 	language: 'c',
 )
diff --git a/seatd-launch/seatd-launch.c b/seatd-launch/seatd-launch.c
index b9d33d7..7b41bb6 100644
--- a/seatd-launch/seatd-launch.c
+++ b/seatd-launch/seatd-launch.c
@@ -68,10 +68,11 @@ int main(int argc, char *argv[]) {
 	} else if (seatd_child == 0) {
 		close(fds[0]);
 
-		char pipebuf[8];
-		sprintf(pipebuf, "%d", fds[1]);
+		char pipebuf[16] = {0};
+		snprintf(pipebuf, sizeof pipebuf, "%d", fds[1]);
 
-		execlp("seatd", "seatd", "-n", pipebuf, "-s", sockpath, NULL);
+		char *command[] = {"seatd", "-n", pipebuf, "-s", sockpath, NULL};
+		execv(SEATD_INSTALLPATH, command);
 		perror("Could not start seatd");
 		_exit(1);
 	}