swhkd icon indicating copy to clipboard operation
swhkd copied to clipboard

Published 20 hours ago verified publisher icon waycrate

[fix] raise swhkd privileges right after reading config

Open ajanon opened this issue 2 years ago • 4 comments

As a fix for CVE-2022-27814, root privileges are dropped to the calling user when (re)loading the config file. Privileges were sometimes dropped but never raised again, which caused crashes when sending SIGHUP to swhkd multiple times in a row.

This now always raises privileges after successfully reading the config file. Fixes #155.

ajanon avatar Sep 02 '22 10:09 ajanon

@EdenQwQ Hello dear, would you mind reviewing this?

Shinyzenith avatar Sep 05 '22 13:09 Shinyzenith

So my only concern is that we never drop the privileges in this patch after raising them.

Shinyzenith avatar Sep 11 '22 16:09 Shinyzenith

Privileges are dropped right at the beginning of the load_config closure: https://github.com/waycrate/swhkd/blob/022466ec0bcca881d5034a2b23aab934cfd4578a/swhkd/src/daemon.rs#L72-L74

With this PR the daemon has full privileges, except while loading the config. If you want to restrict it further, I can try to implement the fix for SIGHUP another way.

ajanon avatar Sep 13 '22 15:09 ajanon

Privileges are dropped right at the beginning of the load_config closure:

https://github.com/waycrate/swhkd/blob/022466ec0bcca881d5034a2b23aab934cfd4578a/swhkd/src/daemon.rs#L72-L74

With this PR the daemon has full privileges, except while loading the config. If you want to restrict it further, I can try to implement the fix for SIGHUP another way.

This looks good enough! I'll just perform some security tests on my end once I get the time and merge! ❤️

Shinyzenith avatar Sep 16 '22 08:09 Shinyzenith

To [email protected]:waycrate/swhkd 6b24df8..36281fe main -> main

Shinyzenith avatar Oct 06 '22 09:10 Shinyzenith