Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:
- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow
It's better to use DT_RPATH dynamic section of the elf binary to store
the paths of libraries to load instead of overwriting LD_LIBRARY_PATH
for the whole environment, causing surprises. This solution is much more
transparent and perfectly suitable for running contained installations
of wayland/wlroots/sway.
The code unsetting the LD_LIBRARY_PATH/LD_PRELOAD was also deleted as
it's a placebo security at best - we should trust the execution path
that leads us to running sway, and it's way too late to care about those
variables since we already started executing our compositor, thus we
would be compromised anyway.
This involves setuid'ing swaylock, which then forks and drops perms on
the parent process. The child process remains root and listens on a pipe
for requests to validate passwords against /etc/shadow.
This will restrict the default namespace set on FreeBSD to the C11
standard (everything is visible by default), which will prevent possible
conflicts with symbols hidden behing __BSD_VISIBLE.
SYSCONFDIR is used to determine the path of the default configuration
file. 'sysconfdir' is set to 'prefix/sysconfdir' later (on line 139),
so configuration files are installed under 'prefix', but SYSCONFDIR did
not reflect it.
Swayidle handles idle events and allows
for dpms and lockscreen handling. It also
handles systemd sleep events, and can
raise a lockscreen on sleep
Fixes #541
This starts up the event loop and wayland display and shims out the
basic top level rendering concepts. Also includes some changes to
incorporate pango into the 1.x codebase properly.