On Mon, 19 Mar 2018 11:41:46 +0200 Ilia Bozhinov <[email protected]> wrote:
> This is helpful for other compositors which utilize libweston without > systemd-login support. > > Signed-off-by: Ilia Bozhinov <[email protected]> > --- > libweston/weston-launch.c | 35 +++++++++++++++++++++-------------- > 1 file changed, 21 insertions(+), 14 deletions(-) > > diff --git a/libweston/weston-launch.c b/libweston/weston-launch.c > index 1adcf21a..b8bceea2 100644 > --- a/libweston/weston-launch.c > +++ b/libweston/weston-launch.c > @@ -116,6 +116,7 @@ struct weston_launch { > pid_t child; > int verbose; > char *new_user; > + char *compositor_cmd; > }; > > union cmsg_data { unsigned char b[4]; int fd; }; > @@ -624,7 +625,7 @@ setup_session(struct weston_launch *wl, char **child_argv) > child_argv[0] = "/bin/sh"; > child_argv[1] = "-l"; > child_argv[2] = "-c"; > - child_argv[3] = BINDIR "/weston \"$@\""; > + child_argv[3] = strcat(wl->compositor_cmd ?: BINDIR "/weston", > "\"$@\""); > child_argv[4] = "weston"; > return 5; > } > @@ -652,7 +653,7 @@ launch_compositor(struct weston_launch *wl, int argc, > char *argv[]) > if (wl->new_user) { > o = setup_session(wl, child_argv); > } else { > - child_argv[0] = BINDIR "/weston"; > + child_argv[0] = wl->compositor_cmd ?: BINDIR "/weston"; > o = 1; > } > for (i = 0; i < argc; ++i) 
> @@ -683,12 +684,14 @@ static void > help(const char *name) > { > fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n", name); > - fprintf(stderr, " -u, --user Start session as specified > username,\n" > - " e.g. -u joe, requires root.\n"); > - fprintf(stderr, " -t, --tty Start session on alternative tty,\n" > - " e.g. -t /dev/tty4, requires -u > option.\n"); > - fprintf(stderr, " -v, --verbose Be verbose\n"); > - fprintf(stderr, " -h, --help Display this help message\n"); > + fprintf(stderr, " -u, --user Start session as specified > username,\n" > + " e.g. -u joe, requires root.\n"); > + fprintf(stderr, " -t, --tty Start session on alternative tty,\n" > + " e.g. -t /dev/tty4, requires -u > option.\n"); > + fprintf(stderr, " -c, --compositor Start a compositor other than > weston,\n" > + " e.g. -c /usr/bin/weston.\n"); > + fprintf(stderr, " -v, --verbose Be verbose\n"); > + fprintf(stderr, " -h, --help Display this help message\n"); > }

Hi,

I do not think we can do this. weston-launch is a setuid-root program, which gives the program it launches special privileges to e.g. open input devices. If we do not restrict the possible programs it can launch, anyone who can run weston-launch will be able to spy on all input devices by using weston-launch to run a spy program.

If we had a trusted list of compositor binaries in trusted system paths (a la /etc/shells), then that might work, but I don't trust myself enough to say it would be a secure solution.

Thanks,
pq
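Review bot: in the setup_session() hunk, `strcat(wl->compositor_cmd ?: BINDIR "/weston", "\"$@\"")` appends in place to its first argument. That argument is either the `compositor_cmd` string, for which nothing in the visible lines reserves four extra bytes plus the terminator, or a string literal, which must not be written to. The call also drops the space the old literal had between the path and `"$@"`, so the shell would receive the path and the arguments as one joined word. Build the command with snprintf() into a separately sized buffer, or better, hand the path to `sh -c` as a positional parameter so that its contents are never parsed as shell syntax.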
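Review bot: in the launch_compositor() hunk, `child_argv[0] = wl->compositor_cmd ?: BINDIR "/weston";` makes the exec target a value chosen by the caller, and none of the visible lines validate it. The reply explains why that matters for a setuid-root helper that grants its child access to input devices. If the option is kept, the value should be rejected unless it is an absolute path that matches an administrator-controlled list, and that check belongs here, before the argv array is filled in.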
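Review bot: the help() hunk re-indents all four existing option lines to make room for `-c, --compositor`, which buries the one real addition in whitespace churn. Keep the existing column or move the re-alignment to its own patch. The example `-c /usr/bin/weston` is also weston itself, so it does not illustrate "a compositor other than weston", and the text does not say whether the argument must be an absolute path.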
_______________________________________________ wayland-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/wayland-devel
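The trusted-list idea raised in the reply (a file of permitted compositor paths, a la /etc/shells), as an added example that is not part of this thread or of weston. The list location `/etc/weston-launch-compositors` and the functions `file_is_trusted` and `compositor_allowed` are hypothetical, and the check assumes every directory on the listed paths is root-owned and not writable by others.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical allow-list location, modelled on /etc/shells. */
#define COMPOSITOR_LIST "/etc/weston-launch-compositors"

/* 1 if path is a regular file (a symlink is refused), owned by
 * `owner`, and not writable by group or others. */
static int file_is_trusted(const char *path, uid_t owner)
{
	struct stat st;
	if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
		return 0;
	return st.st_uid == owner && !(st.st_mode & (S_IWGRP | S_IWOTH));
}

/* 1 if cmd is an absolute path that appears verbatim on its own line
 * in the list file and both files pass file_is_trusted(). A
 * setuid-root helper would pass owner = 0. */
int compositor_allowed(const char *list, const char *cmd, uid_t owner)
{
	char line[PATH_MAX + 2];
	int found = 0, line_start = 1;
	FILE *fp;
	if (!cmd || cmd[0] != '/' || !file_is_trusted(list, owner))
		return 0;
	if (!(fp = fopen(list, "r")))
		return 0;
	while (!found && fgets(line, sizeof line, fp)) {
		size_t n = strcspn(line, "\n");
		int whole = line_start && (line[n] == '\n' || feof(fp));
		line_start = (line[n] == '\n');
		line[n] = '\0';
		/* over-long lines arrive in pieces and never match */
		found = whole && strcmp(line, cmd) == 0;
	}
	fclose(fp);
	return found && file_is_trusted(cmd, owner);
}

int main(int argc, char **argv)
{
	int ok = argc > 1 && compositor_allowed(COMPOSITOR_LIST, argv[1], 0);
	printf("%s\n", ok ? "allowed" : "refused");
	return !ok;
}
```

The check and the later exec are two separate path lookups, so the directory assumption in the lead-in is load-bearing: without it the file can be swapped between the two.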
