author | Mykyta Holubakha <hilobakho@gmail.com> | 2017-05-10 02:51:28 +0300 |
---|---|---|
committer | Mykyta Holubakha <hilobakho@gmail.com> | 2017-05-11 19:33:57 +0300 |
commit | 93cf21fb9afd8205f01399ed2d8dcbe16b522fa4 (patch) | |
tree | f95f15cb320b14620e56abc376396351f9cee706 | |
parent | f736198c315bb91bfa7faff095181a3e8e89df94 (diff) | |
download | sway-93cf21fb9afd8205f01399ed2d8dcbe16b522fa4.tar.xz |
Terminate when both suid bit and filecaps are set
-rw-r--r-- | sway/main.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/sway/main.c b/sway/main.c
index 3d2d6c68..819788b1 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -27,6 +27,7 @@
 #include "stringop.h"
 #include "sway.h"
 #include "log.h"
+#include "util.h"
 
 static bool terminate_request = false;
 static int exit_value = 0;
@@ -209,6 +210,27 @@ static void security_sanity_check() {
 #endif
 }
 
+static void executable_sanity_check() {
+#ifdef __linux__
+ struct stat sb;
+ char *exe = realpath("/proc/self/exe", NULL);
+ stat(exe, &sb);
+ // We assume that cap_get_file returning NULL implies ENODATA
+ if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) {
+ sway_log(L_ERROR,
+ "sway executable has both the s(g)uid bit AND file caps set.");
+ sway_log(L_ERROR,
+ "This is strongly discouraged (and completely broken).");
+ sway_log(L_ERROR,
+ "Please clear one of them (either the suid bit, or the file caps).");
+ sway_log(L_ERROR,
+ "If unsure, strip the file caps.");
+ exit(EXIT_FAILURE);
+ }
+ free(exe);
+#endif
+}
+
 int main(int argc, char **argv) {
 static int verbose = 0, debug = 0, validate = 0;
 
@@ -326,6 +348,7 @@ int main(int argc, char **argv) {
 return 0;
 }
 
+ executable_sanity_check();
 #ifdef __linux__
 bool suid = false;
 if (getuid() != geteuid() || getgid() != getegid()) { |
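Review bot: In `executable_sanity_check()` (second hunk) the return values of `realpath()` and `stat()` are never checked, so a failure of either passes a NULL path to `stat()`/`cap_get_file()` or tests an uninitialised `sb.st_mode`, and the suid-plus-filecaps guard can silently pass. Stop before the mode test when the executable cannot be inspected, e.g. `if (!exe || stat(exe, &sb) != 0) { sway_log(L_ERROR, "Unable to inspect the sway executable"); exit(EXIT_FAILURE); }`; whether to exit or only return early is a policy choice, but a privilege check should not proceed on unknown data. The assumption stated in the comment also fails open: a NULL from `cap_get_file()` caused by any other error is read as "no file caps", so checking `errno == ENODATA` after a NULL return and treating other values as an error would close that gap.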