mherrb/seatd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
seatd/seatd-launch/seatd-launch.c

186 lines
3.8 KiB
C
Raw Normal View History

seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
seatd-launch: Set socket permissions directly Instead of relying on seatd's user/group arguments, which require turning our UID back into a username, just chmod/chown the socket ourselves once seatd is ready. We also reduce the permissions to just user access, instead of user and group like seatd specifies.
2021-09-08 20:40:09 +02:00
#include <sys/stat.h>
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
#include <sys/wait.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
(void)argc;
seatd-launch: Command line argument support
2021-08-06 23:00:05 +02:00
const char *usage = "Usage: seatd-launch [options] [--] command\n"
"\n"
" -h Show this help message\n"
" -s <path> Where to create the seatd socket\n"
" -v Show the version number\n"
"\n";
int c;
char *sockpath = NULL;
while ((c = getopt(argc, argv, "vhs:")) != -1) {
switch (c) {
case 's':
sockpath = optarg;
break;
case 'v':
printf("seatd-launch version %s\n", SEATD_VERSION);
return 0;
case 'h':
printf("%s", usage);
return 0;
case '?':
fprintf(stderr, "Try '%s -h' for more information.\n", argv[0]);
return 1;
default:
abort();
}
}
seatd-launch: Use optind to find the command The command indexing had not been updated afer the introduction of getopt, so combining a command with flags would fail. Add error handling for if no command was specified while we're at it.
2021-09-12 11:44:07 +02:00
if (optind >= argc) {
fprintf(stderr, "A command must be specified\n\n%s", usage);
return 1;
}
char **command = &argv[optind];
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
char sockbuf[256];
seatd-launch: Command line argument support
2021-08-06 23:00:05 +02:00
if (sockpath == NULL) {
sprintf(sockbuf, "/tmp/seatd.%d.sock", getpid());
sockpath = sockbuf;
}
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
seatd-launch: Command line argument support
2021-08-06 23:00:05 +02:00
unlink(sockpath);
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
int fds[2];
if (pipe(fds) == -1) {
perror("Could not create pipe");
goto error;
}
pid_t seatd_child = fork();
if (seatd_child == -1) {
perror("Could not fork seatd process");
goto error;
} else if (seatd_child == 0) {
close(fds[0]);
seatd-launch: Use absolute path for seatd We previously used execlp to execute seatd, which had the effect of searching PATH for the executable. This allowed the caller to control what executable was run, which is bad if SUID has been set. Instead, expose the absolute install path for seatd from meason as a define, and use that in a call to execv.
2021-09-15 23:34:02 +02:00
char pipebuf[16] = {0};
snprintf(pipebuf, sizeof pipebuf, "%d", fds[1]);
seatd-launch: check for getpwuid errors
2021-08-06 08:23:03 +00:00
seatd-launch: Use absolute path for seatd We previously used execlp to execute seatd, which had the effect of searching PATH for the executable. This allowed the caller to control what executable was run, which is bad if SUID has been set. Instead, expose the absolute install path for seatd from meason as a define, and use that in a call to execv.
2021-09-15 23:34:02 +02:00
char *command[] = {"seatd", "-n", pipebuf, "-s", sockpath, NULL};
execv(SEATD_INSTALLPATH, command);
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
perror("Could not start seatd");
seatd-launch: don't use gotos in child processes While forked (child pid is zero), don't use gotos. These will execute atexit functions and potentially mess up the stdlib. Instead, use _exit.
2021-08-06 08:23:02 +00:00
_exit(1);
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
}
close(fds[1]);
seatd-launch: Set socket permissions directly Instead of relying on seatd's user/group arguments, which require turning our UID back into a username, just chmod/chown the socket ourselves once seatd is ready. We also reduce the permissions to just user access, instead of user and group like seatd specifies.
2021-09-08 20:40:09 +02:00
// Wait for seatd to be ready
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
char buf[1] = {0};
while (true) {
pid_t p = waitpid(seatd_child, NULL, WNOHANG);
if (p == seatd_child) {
fprintf(stderr, "seatd exited prematurely\n");
goto error_seatd;
} else if (p == -1 && (errno != EINTR && errno != ECHILD)) {
perror("Could not wait for seatd process");
goto error_seatd;
}
struct pollfd fd = {
.fd = fds[0],
.events = POLLIN,
};
// We poll with timeout to avoid a racing on a blocking read
if (poll(&fd, 1, 1000) == -1) {
if (errno == EAGAIN || errno == EINTR) {
continue;
} else {
perror("Could not poll notification fd");
goto error_seatd;
}
}
if (fd.revents & POLLIN) {
ssize_t n = read(fds[0], buf, 1);
if (n == -1 && errno != EINTR) {
perror("Could not read from pipe");
goto error_seatd;
} else if (n > 0) {
break;
}
}
}
close(fds[0]);
seatd-launch: Set socket permissions directly Instead of relying on seatd's user/group arguments, which require turning our UID back into a username, just chmod/chown the socket ourselves once seatd is ready. We also reduce the permissions to just user access, instead of user and group like seatd specifies.
2021-09-08 20:40:09 +02:00
uid_t uid = getuid();
gid_t gid = getgid();
// Restrict access to the socket to just us
if (chown(sockpath, uid, gid) == -1) {
perror("Could not chown seatd socket");
goto error_seatd;
}
if (chmod(sockpath, 0700) == -1) {
perror("Could not chmod socket");
seatd-launch: Fix chmod error goto
2021-09-08 20:54:18 +02:00
goto error_seatd;
seatd-launch: Set socket permissions directly Instead of relying on seatd's user/group arguments, which require turning our UID back into a username, just chmod/chown the socket ourselves once seatd is ready. We also reduce the permissions to just user access, instead of user and group like seatd specifies.
2021-09-08 20:40:09 +02:00
}
// Drop privileges
if (setgid(gid) == -1) {
perror("Could not set gid to drop privileges");
goto error_seatd;
}
if (setuid(uid) == -1) {
perror("Could not set uid to drop privileges");
goto error_seatd;
}
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
pid_t child = fork();
if (child == -1) {
perror("Could not fork target process");
goto error_seatd;
} else if (child == 0) {
seatd-launch: Command line argument support
2021-08-06 23:00:05 +02:00
setenv("SEATD_SOCK", sockpath, 1);
seatd-launch: Use optind to find the command The command indexing had not been updated afer the introduction of getopt, so combining a command with flags would fail. Add error handling for if no command was specified while we're at it.
2021-09-12 11:44:07 +02:00
execvp(command[0], command);
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
perror("Could not start target");
seatd-launch: don't use gotos in child processes While forked (child pid is zero), don't use gotos. These will execute atexit functions and potentially mess up the stdlib. Instead, use _exit.
2021-08-06 08:23:02 +00:00
_exit(1);
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
}
seatd-launch: propagate child exit status When the child process exits with a non-zero code or is killed, return with a non-zero code as well.
2021-08-06 08:23:01 +00:00
int status = 0;
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
while (true) {
seatd-launch: propagate child exit status When the child process exits with a non-zero code or is killed, return with a non-zero code as well.
2021-08-06 08:23:01 +00:00
pid_t p = waitpid(child, &status, 0);
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
if (p == child) {
break;
} else if (p == -1 && errno != EINTR) {
perror("Could not wait for target process");
goto error_seatd;
}
}
seatd-launch: print unlink/kill errors Makes it easier to find out that something went wrong.
2021-09-13 09:59:46 +00:00
if (unlink(sockpath) != 0) {
perror("Could not unlink socket");
}
if (kill(seatd_child, SIGTERM) != 0) {
perror("Could not kill seatd");
}
seatd-launch: propagate child exit status When the child process exits with a non-zero code or is killed, return with a non-zero code as well.
2021-08-06 08:23:01 +00:00
if (WIFEXITED(status)) {
return WEXITSTATUS(status);
seatd-launch: exit with status >128 if child is signalled Mimick shells and exit with a status >128 if our child has been signalled. Exiting with 128 + signal number is what most shells do (POSIX only requires them to exit with >128).
2021-09-13 09:54:18 +00:00
} else if (WIFSIGNALED(status)) {
return 128 + WTERMSIG(status);
seatd-launch: propagate child exit status When the child process exits with a non-zero code or is killed, return with a non-zero code as well.
2021-08-06 08:23:01 +00:00
} else {
seatd-launch: exit with status >128 if child is signalled Mimick shells and exit with a status >128 if our child has been signalled. Exiting with 128 + signal number is what most shells do (POSIX only requires them to exit with >128).
2021-09-13 09:54:18 +00:00
abort(); // unreachable
seatd-launch: propagate child exit status When the child process exits with a non-zero code or is killed, return with a non-zero code as well.
2021-08-06 08:23:01 +00:00
}
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
error_seatd:
seatd-launch: Command line argument support
2021-08-06 23:00:05 +02:00
unlink(sockpath);
seatd-launch: Add seatd launch wrapper This launch wrapper is used to conveniently start a new seatd instance, wait for it to be ready, and launch a target application.
2021-08-06 00:06:44 +02:00
kill(seatd_child, SIGTERM);
error:
return 1;
}
Reference in a new issue Copy permalink