46d7eb1301
Taken from initialize_pw_backend in shadow.c. PR: 248053
pam_unix(8) requires root privileges to access master.passwd(5)
but don't keep root for non-authentication activities.
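--- pam.c.orig 2019-01-29 19:48:00 UTC
+++ pam.c
@@ -12,15 +12,40 @@
 static char *pw_buf = NULL;
 
 void initialize_pw_backend(int argc, char **argv) {
+#ifdef __linux__
 if (getuid() != geteuid() || getgid() != getegid()) {
 swaylock_log(LOG_ERROR,
 "swaylock is setuid, but was compiled with the PAM"
 " backend. Run 'chmod a-s %s' to fix. Aborting.", argv[0]);
 exit(EXIT_FAILURE);
 }
+#else
+ if (geteuid() != 0) {
+ swaylock_log(LOG_ERROR,
+ "swaylock needs to be setuid for pam_unix(8) to read /etc/master.passwd");
+ exit(EXIT_FAILURE);
+ }
+#endif
+
 if (!spawn_comm_child()) {
 exit(EXIT_FAILURE);
 }
+
+#ifndef __linux__
+ if (setgid(getgid()) != 0) {
+ swaylock_log_errno(LOG_ERROR, "Unable to drop root");
+ exit(EXIT_FAILURE);
+ }
+ if (setuid(getuid()) != 0) {
+ swaylock_log_errno(LOG_ERROR, "Unable to drop root");
+ exit(EXIT_FAILURE);
+ }
+ if (setuid(0) != -1) {
+ swaylock_log_errno(LOG_ERROR, "Unable to drop root (we shouldn't be "
+ "able to restore it after setuid)");
+ exit(EXIT_FAILURE);
+ }
+#endif
 }
 
 static int handle_conversation(int num_msg, const struct pam_message **msg,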
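Review bot: In the last added check, `if (setuid(0) != -1)`, the error branch runs precisely when setuid(0) succeeded, so errno carries nothing from that call and `swaylock_log_errno` will append a stale or "no error" string to the message; `swaylock_log(LOG_ERROR, "Unable to drop root (we shouldn't be able to restore it after setuid)");` reports what actually happened. The drop is also only correct because it sits after `spawn_comm_child()`: going by the patch description, the forked child must keep euid 0 for pam_unix(8) while the parent gives it up, and a comment above `#ifndef __linux__` such as `/* parent drops root here; the comm child forked above keeps it for PAM */` would guard against a later reorder that either breaks authentication or leaves the UI process privileged. spawn_comm_child is defined outside this hunk, so that ordering requirement is inferred rather than verified here.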