Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refuse to start when SUID is detected #7044

Merged
merged 1 commit into from
Jun 3, 2022
Merged

Refuse to start when SUID is detected #7044

merged 1 commit into from
Jun 3, 2022

Conversation

kennylevinsen
Copy link
Member

This ensures that those surprised by the deprecation of SUID operation
receive an error rather than accidentally having sway run as root.

This detection will be removed in a future release.

emersion
emersion reviewed Jun 2, 2022
View reviewed changes
emersion
emersion reviewed Jun 2, 2022
View reviewed changes
emersion
emersion reviewed Jun 2, 2022
View reviewed changes
sway/main.c
return false;
}

sway_log(SWAY_ERROR, "SUID operation is no longer supported, refusing to start. "
"This check will be removed in a future release.");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to remove this check in a future release?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The check mainly exists to avoid having people upgrade and suddenly have their existing SUID workflow turn into them suddenly running as root. After a release or two that concern should be gone.

We could leave the check in, but I also don't want to do unnecessary babysitting of users.

emersion
emersion reviewed Jun 2, 2022
View reviewed changes
Copy link
Member

@emersion emersion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it's time to rename server_privileged_prepare?

@kennylevinsen
Refuse to start when SUID is detected
3b3742f 
This ensures that those surprised by the deprecation of SUID operation
receive an error rather than accidentally having sway run as root.

This detection will be removed in a future release.
@kennylevinsen
Copy link
Member Author

Maybe it's time to rename server_privileged_prepare?

The split into prepare and init was pretty redundant now, so I merged prepare into server_init.

emersion
emersion approved these changes Jun 3, 2022
View reviewed changes
Copy link
Member

@emersion emersion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@emersion emersion merged commit e572805 into swaywm:master Jun 3, 2022
This was referenced Jun 3, 2022
Closed
Closed
Closed
@kennylevinsen kennylevinsen mentioned this pull request Sep 19, 2022
Merged
@emersion emersion mentioned this pull request Dec 13, 2022
Merged
@psusi2
Copy link

psusi2 commented Mar 30, 2023

Why would you refuse to start if suid rather than do whatever privileged things you need to do ( such as setting realtime scheduling priority ), then drop privileges? Not everyone can enable CAP_SYS_NICE with an EA.

@kennylevinsen kennylevinsen deleted the deprecate-suid branch March 30, 2023 23:40
@kennylevinsen
Copy link
Member Author

We do not want SUID code as it is very hard to write safely and maintain.

Not everyone can enable CAP_SYS_NICE with an EA.

SUID is far too big a hammer for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emersion emersion emersion approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kennylevinsen @psusi2 @emersion