commit cb118ba9ad4436d513172882ae96296240a93e8b
parent 128cd36e8b5715d5d9f3246ea2adea2aa2b2dc48
Author: deurzen <max@deurzen.net>
Date: Thu, 2 Jun 2022 13:55:28 +0200
drops privileges before compositor initialization
Diffstat:
1 file changed, 21 insertions(+), 0 deletions(-)
diff --git a/src/kranewl/main.cc b/src/kranewl/main.cc
@@ -10,11 +10,27 @@
#include <spdlog/spdlog.h>
extern "C" {
+#include <unistd.h>
#include <wlr/util/log.h>
}
#include <string>
+static inline bool
+drop_privileges()
+{
+ if (getuid() != geteuid() || getgid() != getegid())
+ if (setuid(getuid()) || setgid(getgid()))
+ return false;
+
+ if (!geteuid() || !getegid()) {
+ spdlog::error("Running as root is prohibited");
+ return false;
+ }
+
+ return true;
+}
+
int
main(int argc, char** argv)
{
@@ -29,6 +45,11 @@ main(int argc, char** argv)
spdlog::set_level(spdlog::level::info);
#endif
+ if (!drop_privileges()) {
+ spdlog::critical("Could not drop privileges");
+ return EXIT_FAILURE;
+ }
+
const Options options = parse_options(argc, argv);
spdlog::info("Initializing kranewl-" VERSION);
