From 00dfb768322adbd004f4a91a86eb1159a5136879 Mon Sep 17 00:00:00 2001 From: Arkadiusz Hiler Date: Sat, 29 Sep 2018 12:02:22 +0300 Subject: Remove libcap/prctl artifacts They seem like relics of the pasts, from when we were retaining the ptrace cap. Some translations still may need updates. --- sway/main.c | 63 ++++--------------------------------------------------------- 1 file changed, 4 insertions(+), 59 deletions(-) (limited to 'sway/main.c') diff --git a/sway/main.c b/sway/main.c index 990f5f3a..80111b8f 100644 --- a/sway/main.c +++ b/sway/main.c @@ -12,10 +12,6 @@ #include #include #include -#ifdef __linux__ -#include -#include -#endif #include #include "sway/commands.h" #include "sway/config.h" @@ -181,28 +177,8 @@ static void log_kernel() { pclose(f); } -static void executable_sanity_check() { -#ifdef __linux__ - struct stat sb; - char *exe = realpath("/proc/self/exe", NULL); - stat(exe, &sb); - // We assume that cap_get_file returning NULL implies ENODATA - if (sb.st_mode & (S_ISUID|S_ISGID) && cap_get_file(exe)) { - wlr_log(WLR_ERROR, - "sway executable has both the s(g)uid bit AND file caps set."); - wlr_log(WLR_ERROR, - "This is strongly discouraged (and completely broken)."); - wlr_log(WLR_ERROR, - "Please clear one of them (either the suid bit, or the file caps)."); - wlr_log(WLR_ERROR, - "If unsure, strip the file caps."); - exit(EXIT_FAILURE); - } - free(exe); -#endif -} -static void drop_permissions(bool keep_caps) { +static void drop_permissions(void) { if (getuid() != geteuid() || getgid() != getegid()) { if (setgid(getgid()) != 0) { wlr_log(WLR_ERROR, "Unable to drop root"); @@ -217,20 +193,6 @@ static void drop_permissions(bool keep_caps) { wlr_log(WLR_ERROR, "Root privileges can be restored."); exit(EXIT_FAILURE); } -#ifdef __linux__ - if (keep_caps) { - // Drop every cap except CAP_SYS_PTRACE - cap_t caps = cap_init(); - cap_value_t keep = CAP_SYS_PTRACE; - wlr_log(WLR_INFO, "Dropping extra capabilities"); - if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) || - cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) || - cap_set_proc(caps)) { - wlr_log(WLR_ERROR, "Failed to drop extra capabilities"); - exit(EXIT_FAILURE); - } - } -#endif } void enable_debug_flag(const char *flag) { @@ -347,7 +309,7 @@ int main(int argc, char **argv) { wlr_log(WLR_ERROR, "Don't use options with the IPC client"); exit(EXIT_FAILURE); } - drop_permissions(false); + drop_permissions(); char *socket_path = getenv("SWAYSOCK"); if (!socket_path) { wlr_log(WLR_ERROR, "Unable to retrieve socket path"); @@ -358,34 +320,17 @@ int main(int argc, char **argv) { return 0; } - executable_sanity_check(); - bool suid = false; - if (!server_privileged_prepare(&server)) { return 1; } -#if defined(__linux__) || defined(__FreeBSD__) - if (getuid() != geteuid() || getgid() != getegid()) { -#ifdef __linux__ - // Retain capabilities after setuid() - if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) { - wlr_log(WLR_ERROR, "Cannot keep caps after setuid()"); - exit(EXIT_FAILURE); - } -#endif - suid = true; - } -#endif - log_kernel(); log_distro(); detect_proprietary(); detect_raspi(); -#if defined(__linux__) || defined(__FreeBSD__) - drop_permissions(suid); -#endif + drop_permissions(); + // handle SIGTERM signals signal(SIGTERM, sig_handler); -- cgit v1.2.3 From 1e70f7b19e92c20a691f2697b2c92ea8b13daba3 Mon Sep 17 00:00:00 2001 From: Arkadiusz Hiler Date: Sun, 30 Sep 2018 13:58:49 +0300 Subject: Turn funcs() into funcs(void) If they really do not take undefined number of arguments. --- include/sway/config.h | 2 +- include/sway/debug.h | 2 +- include/sway/ipc-json.h | 2 +- include/swaybar/config.h | 2 +- sway/config/seat.c | 2 +- sway/debug-tree.c | 2 +- sway/input/cursor.c | 2 +- sway/ipc-json.c | 2 +- sway/main.c | 10 +++++----- sway/tree/container.c | 2 +- swaybar/config.c | 2 +- swayidle/main.c | 4 ++-- swaylock/main.c | 2 +- swaynag/config.c | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) (limited to 'sway/main.c') diff --git a/include/sway/config.h b/include/sway/config.h index 1c6e2ac4..5e28c678 100644 --- a/include/sway/config.h +++ b/include/sway/config.h @@ -469,7 +469,7 @@ struct seat_config *copy_seat_config(struct seat_config *seat); void free_seat_config(struct seat_config *ic); -struct seat_attachment_config *seat_attachment_config_new(); +struct seat_attachment_config *seat_attachment_config_new(void); struct seat_attachment_config *seat_config_get_attachment( struct seat_config *seat_config, char *identifier); diff --git a/include/sway/debug.h b/include/sway/debug.h index bf3a5f6d..0e9bb056 100644 --- a/include/sway/debug.h +++ b/include/sway/debug.h @@ -17,6 +17,6 @@ struct sway_debug { extern struct sway_debug debug; -void update_debug_tree(); +void update_debug_tree(void); #endif diff --git a/include/sway/ipc-json.h b/include/sway/ipc-json.h index fef243e3..1cbfd15d 100644 --- a/include/sway/ipc-json.h +++ b/include/sway/ipc-json.h @@ -4,7 +4,7 @@ #include "sway/tree/container.h" #include "sway/input/input-manager.h" -json_object *ipc_json_get_version(); +json_object *ipc_json_get_version(void); json_object *ipc_json_describe_disabled_output(struct sway_output *o); json_object *ipc_json_describe_node(struct sway_node *node); diff --git a/include/swaybar/config.h b/include/swaybar/config.h index 6739c28a..5f5688cf 100644 --- a/include/swaybar/config.h +++ b/include/swaybar/config.h @@ -50,7 +50,7 @@ struct swaybar_config { } colors; }; -struct swaybar_config *init_config(); +struct swaybar_config *init_config(void); void free_config(struct swaybar_config *config); uint32_t parse_position(const char *position); diff --git a/sway/config/seat.c b/sway/config/seat.c index 83dac4c0..46456caf 100644 --- a/sway/config/seat.c +++ b/sway/config/seat.c @@ -30,7 +30,7 @@ struct seat_config *new_seat_config(const char* name) { return seat; } -struct seat_attachment_config *seat_attachment_config_new() { +struct seat_attachment_config *seat_attachment_config_new(void) { struct seat_attachment_config *attachment = calloc(1, sizeof(struct seat_attachment_config)); if (!attachment) { diff --git a/sway/debug-tree.c b/sway/debug-tree.c index 9644f4e5..16b479f9 100644 --- a/sway/debug-tree.c +++ b/sway/debug-tree.c @@ -120,7 +120,7 @@ static int draw_node(cairo_t *cairo, struct sway_node *node, return height; } -void update_debug_tree() { +void update_debug_tree(void) { if (!debug.render_tree) { return; } diff --git a/sway/input/cursor.c b/sway/input/cursor.c index 2d5d351f..3ddc27a0 100644 --- a/sway/input/cursor.c +++ b/sway/input/cursor.c @@ -30,7 +30,7 @@ // when dragging to the edge of a layout container. #define DROP_LAYOUT_BORDER 30 -static uint32_t get_current_time_msec() { +static uint32_t get_current_time_msec(void) { struct timespec now; clock_gettime(CLOCK_MONOTONIC, &now); return now.tv_nsec / 1000; diff --git a/sway/ipc-json.c b/sway/ipc-json.c index f054ac9f..45915094 100644 --- a/sway/ipc-json.c +++ b/sway/ipc-json.c @@ -42,7 +42,7 @@ static const char *ipc_json_orientation_description(enum sway_container_layout l return "none"; } -json_object *ipc_json_get_version() { +json_object *ipc_json_get_version(void) { int major = 0, minor = 0, patch = 0; json_object *version = json_object_new_object(); diff --git a/sway/main.c b/sway/main.c index 80111b8f..50b05b21 100644 --- a/sway/main.c +++ b/sway/main.c @@ -41,7 +41,7 @@ void sig_handler(int signal) { sway_terminate(EXIT_SUCCESS); } -void detect_raspi() { +void detect_raspi(void) { bool raspi = false; FILE *f = fopen("/sys/firmware/devicetree/base/model", "r"); if (!f) { @@ -81,7 +81,7 @@ void detect_raspi() { } } -void detect_proprietary() { +void detect_proprietary(void) { FILE *f = fopen("/proc/modules", "r"); if (!f) { return; @@ -116,7 +116,7 @@ void run_as_ipc_client(char *command, char *socket_path) { close(socketfd); } -static void log_env() { +static void log_env(void) { const char *log_vars[] = { "PATH", "LD_LIBRARY_PATH", @@ -131,7 +131,7 @@ static void log_env() { } } -static void log_distro() { +static void log_distro(void) { const char *paths[] = { "/etc/lsb-release", "/etc/os-release", @@ -158,7 +158,7 @@ static void log_distro() { } } -static void log_kernel() { +static void log_kernel(void) { FILE *f = popen("uname -a", "r"); if (!f) { wlr_log(WLR_INFO, "Unable to determine kernel version"); diff --git a/sway/tree/container.c b/sway/tree/container.c index baaa82fd..66370a42 100644 --- a/sway/tree/container.c +++ b/sway/tree/container.c @@ -593,7 +593,7 @@ void container_update_representation(struct sway_container *con) { } } -size_t container_titlebar_height() { +size_t container_titlebar_height(void) { return config->font_height + TITLEBAR_V_PADDING * 2; } diff --git a/swaybar/config.c b/swaybar/config.c index db7b0db6..4e851cca 100644 --- a/swaybar/config.c +++ b/swaybar/config.c @@ -22,7 +22,7 @@ uint32_t parse_position(const char *position) { } } -struct swaybar_config *init_config() { +struct swaybar_config *init_config(void) { struct swaybar_config *config = calloc(1, sizeof(struct swaybar_config)); config->status_command = NULL; config->pango_markup = false; diff --git a/swayidle/main.c b/swayidle/main.c index 678d622f..5b6c95a7 100644 --- a/swayidle/main.c +++ b/swayidle/main.c @@ -92,7 +92,7 @@ static int release_lock(void *data) { return 0; } -void acquire_sleep_lock() { +void acquire_sleep_lock(void) { sd_bus_message *msg = NULL; sd_bus_error error = SD_BUS_ERROR_NULL; struct sd_bus *bus; @@ -161,7 +161,7 @@ static int dbus_event(int fd, uint32_t mask, void *data) { return 1; } -void setup_sleep_listener() { +void setup_sleep_listener(void) { struct sd_bus *bus; int ret = sd_bus_default_system(&bus); diff --git a/swaylock/main.c b/swaylock/main.c index 693cbc10..ed8c5607 100644 --- a/swaylock/main.c +++ b/swaylock/main.c @@ -32,7 +32,7 @@ void sway_terminate(int exit_code) { exit(exit_code); } -static void daemonize() { +static void daemonize(void) { int fds[2]; if (pipe(fds) != 0) { wlr_log(WLR_ERROR, "Failed to pipe"); diff --git a/swaynag/config.c b/swaynag/config.c index 4d0824c9..cd34dcc2 100644 --- a/swaynag/config.c +++ b/swaynag/config.c @@ -11,7 +11,7 @@ #include "util.h" #include "wlr-layer-shell-unstable-v1-client-protocol.h" -static char *read_from_stdin() { +static char *read_from_stdin(void) { char *buffer = NULL; while (!feof(stdin)) { char *line = read_line(stdin); -- cgit v1.2.3