Diffstat (limited to 'sway/main.c')
-rw-r--r--sway/main.c44
1 files changed, 13 insertions, 31 deletions
diff --git a/sway/main.c b/sway/main.c
index a0033c45..a46e5231 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -150,27 +150,17 @@ static void log_kernel(void) {
pclose(f);
}
-
-static bool drop_permissions(void) {
- if (getuid() != geteuid() || getgid() != getegid()) {
- sway_log(SWAY_ERROR, "!!! DEPRECATION WARNING: "
- "SUID privilege drop will be removed in a future release, please migrate to seatd-launch");
-
- // Set the gid and uid in the correct order.
- if (setgid(getgid()) != 0) {
- sway_log(SWAY_ERROR, "Unable to drop root group, refusing to start");
- return false;
- }
- if (setuid(getuid()) != 0) {
- sway_log(SWAY_ERROR, "Unable to drop root user, refusing to start");
- return false;
- }
+static bool detect_suid(void) {
+ if (geteuid() != 0 && getegid() != 0) {
+ return false;
}
- if (setgid(0) != -1 || setuid(0) != -1) {
- sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
- "restore it after setuid), refusing to start");
+
+ if (getuid() == geteuid() && getgid() == getegid()) {
return false;
}
+
+ sway_log(SWAY_ERROR, "SUID operation is no longer supported, refusing to start. "
+ "This check will be removed in a future release.");
return true;
}
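Review bot: The first guard in `detect_suid()` returns false whenever neither effective id is 0, so a binary installed setuid or setgid to a non-root account (for example a device-access group) starts with the elevated id still in effect. The removed `drop_permissions()` reset the ids on any real/effective mismatch, so this case is no longer handled anywhere in the visible code. If refusing every elevated start is the intent, drop the root-only guard and keep just `if (getuid() == geteuid() && getgid() == getegid()) { return false; }`. Neither form notices privileges granted through file capabilities, which is worth stating in a comment above the function, e.g. `// Returns true (and logs) when the process runs with elevated effective ids; file capabilities are not checked.`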
@@ -319,6 +309,11 @@ int main(int argc, char **argv) {
}
}
+ // SUID operation is deprecated, so block it for now.
+ if (detect_suid()) {
+ exit(EXIT_FAILURE);
+ }
+
// Since wayland requires XDG_RUNTIME_DIR to be set, abort with just the
// clear error message (when not running as an IPC client).
if (!getenv("XDG_RUNTIME_DIR") && optind == argc) {
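Review bot: The `detect_suid()` call is placed around line 312 of `main`, after the code that ends at the two closing braces above it (not visible in this hunk, presumably argument parsing), so that code has already run with the elevated ids before the process refuses to start. Consider making the check the first statement of `main`, before any argv or environment handling. If logging is only configured later in `main`, confirm that the `sway_log(SWAY_ERROR, ...)` message in `detect_suid()` is still emitted from the earlier position. `main` begins and ends outside the hunk.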
@@ -357,9 +352,6 @@ int main(int argc, char **argv) {
"`sway -d 2>sway.log`.");
exit(EXIT_FAILURE);
}
- if (!drop_permissions()) {
- exit(EXIT_FAILURE);
- }
char *socket_path = getenv("SWAYSOCK");
if (!socket_path) {
sway_log(SWAY_ERROR, "Unable to retrieve socket path");
@@ -372,16 +364,6 @@ int main(int argc, char **argv) {
}
detect_proprietary(allow_unsupported_gpu);
-
- if (!server_privileged_prepare(&server)) {
- return 1;
- }
-
- if (!drop_permissions()) {
- server_fini(&server);
- exit(EXIT_FAILURE);
- }
-
increase_nofile_limit();
// handle SIGTERM signals