Where is the shell coming from? If it's the shell specified in /etc/paswd and if we can guarantee that it doesn't read ~/.profile or similar than it's ok. However, If this is the case, then how is it useful to run with the user's shell?
If it is the shell from $SHELL or if it reads ~/.profile and friends, then we have just leaked drm/evdev fd's to the entire system and that's bad. If the caller can specify a shell or specify the environment in which the shell runs, then a malicious program can modify this stuff too, run weston-launch, and get access to protected stuff. Please double-check this. --Jason Ekstrand On Mar 6, 2014 8:03 AM, "Quentin Glidic" <sardemff7+wayl...@sardemff7.net> wrote: > From: Quentin Glidic <sardemff7+...@sardemff7.net> > > Signed-off-by: Quentin Glidic <sardemff7+...@sardemff7.net> > --- > > This patch restores the old behaviour if the user wants to. This keeps > /bin/sh around for shells that do not understand -c "weston \"$@\"". > > src/weston-launch.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/src/weston-launch.c b/src/weston-launch.c > index 56e22b1..fd04552 100644 > --- a/src/weston-launch.c > +++ b/src/weston-launch.c > @@ -103,6 +103,7 @@ struct weston_launch { > > pid_t child; > int verbose; > + int user_shell; > char *new_user; > }; > > @@ -644,7 +645,7 @@ launch_compositor(struct weston_launch *wl, int argc, > char *argv[]) > sigaddset(&mask, SIGINT); > sigprocmask(SIG_UNBLOCK, &mask, NULL); > > - child_argv[0] = "/bin/sh"; > + child_argv[0] = wl->user_shell ? wl->pw->pw_shell : "/bin/sh"; > child_argv[1] = "-l"; > child_argv[2] = "-c"; > child_argv[3] = BINDIR "/weston \"$@\""; > @@ -663,6 +664,7 @@ help(const char *name) > fprintf(stderr, "Usage: %s [args...] [-- [weston args..]]\n", > name); > fprintf(stderr, " -u, --user Start session as specified > username\n"); > fprintf(stderr, " -t, --tty Start session on alternative > tty\n"); > + fprintf(stderr, " -s, --shell Use the user shell instead of > /bin/sh to run weston\n"); > fprintf(stderr, " -v, --verbose Be verbose\n"); > fprintf(stderr, " -h, --help Display this help message\n"); > } > @@ -676,6 +678,7 @@ main(int argc, char *argv[]) > struct option opts[] = { > { "user", required_argument, NULL, 'u' }, > { "tty", required_argument, NULL, 't' }, > + { "shell", no_argument, NULL, 's' }, > { "verbose", no_argument, NULL, 'v' }, > { "help", no_argument, NULL, 'h' }, > { 0, 0, NULL, 0 } > @@ -683,7 +686,7 @@ main(int argc, char *argv[]) > > memset(&wl, 0, sizeof wl); > > - while ((c = getopt_long(argc, argv, "u:t::vh", opts, &i)) != -1) { > + while ((c = getopt_long(argc, argv, "u:t::svh", opts, &i)) != -1) { > switch (c) { > case 'u': > wl.new_user = optarg; > @@ -693,6 +696,9 @@ main(int argc, char *argv[]) > case 't': > tty = optarg; > break; > + case 's': > + wl.user_shell = 1; > + break; > case 'v': > wl.verbose = 1; > break; > -- > 1.9.0 > > _______________________________________________ > wayland-devel mailing list > wayland-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/wayland-devel >
_______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/wayland-devel