From a5c091e3026eb41d3a4daef3db95b47a3445aa11 Mon Sep 17 00:00:00 2001 From: Tobias Blass Date: Wed, 13 Jun 2018 00:39:24 +0200 Subject: Perform (partial) server initialization before dropping privileges. Some operations during backend creation (e.g. becoming DRM master) require CAP_SYS_ADMIN privileges. At this point, sway has dropped them already, though. This patch splits the privileged part of server_init into its own function and calls it before dropping its privileges. This fixes the bug with minimal security implications. --- sway/main.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sway/main.c') diff --git a/sway/main.c b/sway/main.c index a7e808ad..a325dc3a 100644 --- a/sway/main.c +++ b/sway/main.c @@ -359,6 +359,11 @@ int main(int argc, char **argv) { executable_sanity_check(); bool suid = false; + + if (!server_privileged_prepare(&server)) { + return 1; + } + #ifdef __linux__ if (getuid() != geteuid() || getgid() != getegid()) { // Retain capabilities after setuid() -- cgit v1.2.3
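Review bot: The new `server_privileged_prepare(&server)` call in `main()` carries no comment stating that it must run before the privilege drop that follows in the `#ifdef __linux__` block, so a later reordering could silently reintroduce the bug the commit message describes. A short comment above the call would pin the ordering, for example `// Must run before privileges are dropped (backend creation needs CAP_SYS_ADMIN)`. Two further points at the same spot. First, the failure path is a bare `return 1;` with no log line at the call site; unless the callee reports the reason itself, a user whose backend fails to initialise gets a silent exit, so log here or confirm the function does. Second, everything inside `server_privileged_prepare` now runs while the process may still be setuid or hold retained capabilities, and this view is limited to `sway/main.c`, so the body cannot be checked here. Confirm that it contains only the steps that need the privilege and that it does not read configuration, expand user-controlled paths, or spawn processes before the drop.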