[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    [kwin] /: Disallow running KWin/Wayland as root
From:       Martin_Flöser <null () kde ! org>
Date:       2018-05-21 14:57:48
Message-ID: E1fKmFw-0001Y4-Dk () code ! kde ! org
[Download RAW message or body]

Git commit 267b5a11222e06b0f248ea084c95efa7de776dbe by Martin Flöser.
Committed on 20/05/2018 at 19:51.
Pushed by graesslin into branch 'master'.

Disallow running KWin/Wayland as root

Summary:
KWin is not designed to run as root. It is not hardened enough and
there is a great risk that applications could attack KWin through
X11 properties, Wayland protocol requests, etc. to trigger stack or
heap overflows and execute random code. As clients connected to KWin
could be remote there is a great risk in running KWin as root. Also
clients on the same system but started as a different user could
try to gain more privs by exploiting KWin.

Furthermore KWin is designed to not run as root. It interacts with
logind to get the devices opened which would require root. Whether
KWin would work as root at all is questionable.

We cannot guarantee that running KWin as root is secure, thus this
change disallows running KWin and thus a Wayland session as root.

Reviewers: #kwin, #plasma

Subscribers: kwin

Tags: #kwin

Differential Revision: https://phabricator.kde.org/D13008

M  +4    -0    main_wayland.cpp

https://commits.kde.org/kwin/267b5a11222e06b0f248ea084c95efa7de776dbe

diff --git a/main_wayland.cpp b/main_wayland.cpp
index 0e81d6dea..96da83823 100644
--- a/main_wayland.cpp
+++ b/main_wayland.cpp
@@ -516,6 +516,10 @@ void dropNiceCapability()
 
 int main(int argc, char * argv[])
 {
+    if (getuid() == 0) {
+        std::cerr << "kwin_wayland does not support running as root." << std::endl;
+        return 1;
+    }
     KWin::disablePtrace();
     KWin::Application::setupMalloc();
     KWin::Application::setupLocalizedString();
[prev in list] [next in list] [prev in thread] [next in thread]