setuid: Unable to drop root (we shouldn't be able to restore it after setuid): Success #245
This usually indicates that swaylock is run as actual root, rather than being run as a user and having SUID upgrade privileges. It should be noted that the preferred use is through PAM, not through SUID and the built-in shadow handling.
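An added illustration, not swaylock's code and not part of the thread: a drop-then-verify check of the kind the error message in the issue title describes, with a helper that separates "run as actual root" from "run as a user through SUID". The names `classify_launch`, `drop_root_and_verify` and the `LAUNCH_*` values are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names throughout; this is an added example. */

/* How the process was started, judged from its real and effective UIDs. */
enum launch_mode { LAUNCH_PLAIN_USER, LAUNCH_SUID_ROOT, LAUNCH_ACTUAL_ROOT };

enum launch_mode classify_launch(uid_t ruid, uid_t euid) {
    if (ruid == 0)
        return LAUNCH_ACTUAL_ROOT; /* setuid(getuid()) stays at UID 0 */
    if (euid == 0)
        return LAUNCH_SUID_ROOT;   /* a user started a setuid-root binary */
    return LAUNCH_PLAIN_USER;
}

/* Drop to the real UID/GID, then prove that root cannot be regained.
 * Returns 0 when the drop is verified, -1 otherwise. */
int drop_root_and_verify(void) {
    /* Group first: after the UID drop the process may no longer be
     * allowed to change its GID. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    /* Both calls must fail. If either succeeds, root is still reachable,
     * which is what happens when the real UID (or GID) is already 0. */
    if (setuid(0) != -1 || setgid(0) != -1)
        return -1;
    return 0;
}

int main(void) {
    enum launch_mode mode = classify_launch(getuid(), geteuid());
    int rc = drop_root_and_verify();
    printf("launch mode %d, drop %s\n", (int)mode,
           rc == 0 ? "verified" : "NOT verified");
    return rc == 0 ? 0 : 1;
}
```

Run from a root shell, the verification step fails because the restore call succeeds; run as an ordinary user, it passes.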
Strange, because the user is not root, but my user account
Right, but these days it is better to have a lean system, as less code means fewer potential security vulnerabilities. PAM seems bloated compared to the lean approach of sway.
PAM is under far more scrutiny than our swaylock SUID helper, so from a security standpoint it is the better solution. Whether something is "bloated" is subjective.
Hmm, I will have to take a look.
Seems like the reason could be file capabilities set (CAP_SYS_ADMIN) by Gentoo if USE="-pam filecaps". See also Gentoo Bug 921584 where I propose fixing the applied capability as well as a basic patch to make swaylock work with file capabilities (but that way would not solve issue #175).
OS: Linux Gentoo
I have setuid on my swaylock binary:
However, when attempting to use it, it cannot drop root: