Oops, sorry, I didn't consider that and I should have. Mods should remove this patch.
But anyway, does that mean every compositor should provide its own version of weston-launch or require systemd-login? On Mon, Mar 19, 2018 at 12:24 PM, Pekka Paalanen <[email protected]> wrote: > On Mon, 19 Mar 2018 11:41:46 +0200 > Ilia Bozhinov <[email protected]> wrote: > > > This is helpful for other compositors which utilize libweston without > > systemd-login support. > > > > Signed-off-by: Ilia Bozhinov <[email protected]> > > --- > > libweston/weston-launch.c | 35 +++++++++++++++++++++-------------- > > 1 file changed, 21 insertions(+), 14 deletions(-) > > > > diff --git a/libweston/weston-launch.c b/libweston/weston-launch.c > > index 1adcf21a..b8bceea2 100644 > > --- a/libweston/weston-launch.c > > +++ b/libweston/weston-launch.c > > @@ -116,6 +116,7 @@ struct weston_launch { > > pid_t child; > > int verbose; > > char *new_user; > > + char *compositor_cmd; > > }; > > > > union cmsg_data { unsigned char b[4]; int fd; }; > > @@ -624,7 +625,7 @@ setup_session(struct weston_launch *wl, char > **child_argv) > > child_argv[0] = "/bin/sh"; > > child_argv[1] = "-l"; > > child_argv[2] = "-c"; > > - child_argv[3] = BINDIR "/weston \"$@\""; > > + child_argv[3] = strcat(wl->compositor_cmd ?: BINDIR "/weston", > "\"$@\""); > > child_argv[4] = "weston"; > > return 5; > > } > > @@ -652,7 +653,7 @@ launch_compositor(struct weston_launch *wl, int > argc, char *argv[]) > > if (wl->new_user) { > > o = setup_session(wl, child_argv); > > } else { > > - child_argv[0] = BINDIR "/weston"; > > + child_argv[0] = wl->compositor_cmd ?: BINDIR "/weston"; > > o = 1; > > } > > for (i = 0; i < argc; ++i) 
> > @@ -683,12 +684,14 @@ static void > > help(const char *name) > > { > > fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n", > name); > > - fprintf(stderr, " -u, --user Start session as specified > username,\n" > > - " e.g. -u joe, requires root.\n"); > > - fprintf(stderr, " -t, --tty Start session on alternative > tty,\n" > > - " e.g. -t /dev/tty4, requires -u > option.\n"); > > - fprintf(stderr, " -v, --verbose Be verbose\n"); > > - fprintf(stderr, " -h, --help Display this help message\n"); > > + fprintf(stderr, " -u, --user Start session as specified > username,\n" > > + " e.g. -u joe, requires > root.\n"); > > + fprintf(stderr, " -t, --tty Start session on alternative > tty,\n" > > + " e.g. -t /dev/tty4, requires -u > option.\n"); > > + fprintf(stderr, " -c, --compositor Start a compositor other than > weston,\n" > > + " e.g. -c /usr/bin/weston.\n"); > > + fprintf(stderr, " -v, --verbose Be verbose\n"); > > + fprintf(stderr, " -h, --help Display this help message\n"); > > } > > Hi, > > I do not think we can do this. weston-launch is a setuid-root program, > which gives the program it launches special privileges to e.g. open > input devices. If we do not restrict the possible programs it can > launch, anyone who can run weston-launch will be able to spy on all > input devices by using weston-launch to run a spy program. > > If we had a trusted list of compositor binaries in trusted system > paths (a la /etc/shells), then that might work, but I don't trust > myself enough to say it would be a secure solution. > > > Thanks, > pq >
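Review bot: in the setup_session hunk, strcat() writes into its first argument, which is either wl->compositor_cmd (a buffer the visible hunks never allocate or size) or the string literal BINDIR "/weston", and modifying a string literal is undefined behaviour. The result also loses the space the old literal had before "$@", so the shell sees the path and the first argument as a single word, and a user-supplied path is now interpreted by /bin/sh -c. Build the command in a freshly allocated buffer with the space restored, or hand the path to the shell as a positional parameter instead of splicing it into the -c string.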
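Review bot: in the launch_compositor hunk, child_argv[0] is taken straight from wl->compositor_cmd with no validation, and weston-launch is setuid-root, so the guarantee that only BINDIR "/weston" receives its privileges is gone. Restrict the value to a root-controlled list of absolute paths before it reaches child_argv. As a style point, ?: with the middle operand omitted is a GNU extension; the portable form is wl->compositor_cmd ? wl->compositor_cmd : BINDIR "/weston".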
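Review bot: in the help() hunk, the example given for -c is /usr/bin/weston, which does not illustrate "a compositor other than weston", and the text does not say whether the value must be an absolute path or how it interacts with -u. Use a non-weston placeholder path in the example and state those constraints in the option description.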
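The trusted-list idea raised in the reply above (compositor binaries in trusted system paths, a la /etc/shells), as an added example that is not code from this thread or from weston. The function name, the list format and the trusted_uid parameter are hypothetical; it assumes the caller opened the list from a root-owned file, that listed paths live in directories only root can write, and that a setuid-root launcher would pass 0 as trusted_uid.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not weston code). `list` is the already-opened
 * allowlist: one absolute path per line, '#' lines are comments.
 * Returns an fd usable with fexecve() on success, -1 on any failure. */
int open_trusted_compositor(FILE *list, const char *path, uid_t trusted_uid)
{
	char real[PATH_MAX], line[PATH_MAX + 2];
	struct stat st;
	int fd, listed = 0;

	/* Canonicalise so symlinks and ".." cannot alias a listed name. */
	if (path[0] != '/' || !realpath(path, real))
		return -1;

	while (fgets(line, sizeof line, list)) {
		line[strcspn(line, "\n")] = '\0';
		if (line[0] == '/' && strcmp(line, real) == 0)
			listed = 1;
	}
	if (!listed)
		return -1;

	/* Check the opened file, not the path, so what was inspected is
	 * what gets executed. */
	fd = open(real, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
	if (fd < 0)
		return -1;
	if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
	    st.st_uid != trusted_uid ||
	    (st.st_mode & (S_IWGRP | S_IWOTH)) || !(st.st_mode & S_IXUSR)) {
		close(fd);
		return -1;
	}
	return fd;
}
```

The returned descriptor is meant to be passed to fexecve() rather than re-resolving the path; with O_CLOEXEC that works for native binaries but not for interpreter scripts.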
