Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix] raise swhkd privileges right after reading config #156

Merged
merged 1 commit into from
Oct 6, 2022
Merged

[fix] raise swhkd privileges right after reading config #156

merged 1 commit into from
Oct 6, 2022

Conversation

ajanon
Copy link
Collaborator

@ajanon ajanon commented Sep 2, 2022

As a fix for CVE-2022-27814, root privileges are dropped to the calling user when (re)loading the config file. Privileges were sometimes dropped but never raised again, which caused crashes when sending SIGHUP to swhkd multiple times in a row.

This now always raises privileges after successfully reading the config file.
Fixes #155.

@ajanon
[fix] raise swhkd privileges right after reading config
4ccc1ca 
As a fix for CVE-2022-27814, root privileges are dropped to the calling user
when (re)loading the config file. Privileges were sometimes dropped but never
raised again, which caused crashes when sending SIGHUP to swhkd multiple times
in a row.

This now always raises privileges after successfully reading the config file.
Fixes waycrate#155.
@Shinyzenith
Copy link
Member

@EdenQwQ Hello dear, would you mind reviewing this?

@Shinyzenith Shinyzenith added the Bug Something isn't working label Sep 5, 2022
@Shinyzenith
Copy link
Member

So my only concern is that we never drop the privileges in this patch after raising them.

@ajanon
Copy link
Collaborator Author

ajanon commented Sep 13, 2022

Privileges are dropped right at the beginning of the load_config closure:

swhkd/swhkd/src/daemon.rs

Lines 72 to 74 in 022466e

let load_config = || {
// Drop privileges to the invoking user.
perms::drop_privileges(invoking_uid);

With this PR the daemon has full privileges, except while loading the config. If you want to restrict it further, I can try to implement the fix for SIGHUP another way.

@Shinyzenith
Copy link
Member

Privileges are dropped right at the beginning of the load_config closure:

swhkd/swhkd/src/daemon.rs

Lines 72 to 74 in 022466e

let load_config = || {
// Drop privileges to the invoking user.
perms::drop_privileges(invoking_uid);

With this PR the daemon has full privileges, except while loading the config. If you want to restrict it further, I can try to implement the fix for SIGHUP another way.

This looks good enough! I'll just perform some security tests on my end once I get the time and merge! ❤️

@Shinyzenith Shinyzenith merged commit 6b24df8 into waycrate:main Oct 6, 2022
@Shinyzenith
Copy link
Member

To [email protected]:waycrate/swhkd
6b24df8..36281fe main -> main

@alexindigo alexindigo mentioned this pull request Jan 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Shinyzenith Shinyzenith Shinyzenith approved these changes

@EdenQwQ EdenQwQ Awaiting requested review from EdenQwQ

Assignees

@Shinyzenith Shinyzenith

@ajanon ajanon

Labels
Bug Something isn't working
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sending SIGHUP twice to swhkd crashes with Failed to set init groups: EPERM
2 participants
@ajanon @Shinyzenith