Commit graph

2286 commits

Author SHA1 Message Date
Jerzi Kaminsky
2ad8850398 Handle symlinks as IPC security targets
- When policies are allocated, the ipc target path goes
  through symlink resolution. The result is used as
  the canonical for matching pids to policies at runtime.
  In particular, this matches up with the target of
  the `/proc/<pid>/exe`.
- There's a possible race condition if this isn't done
  correctly, read below.

Originally, validate_ipc_target() always tried to resolve
its argument for symlinks, and returned a program target string
if it validates. This created a possible race condition with
security implications. The problem is that get_feature_policy()
first independently resolved the policy target in order to check
whether a policy already exists. If it didn't find any, it called
alloc_feature_policy() which called validate_ipc_target() which
resolved the policy target again. In the time between the two
checks, the symlink could be altered, and a lucky attacker could
fool the program into thinking that a policy doesn't exist
for a target, and then switch the symlink to point at another file.
At the very least this could allow him to create two policies
for the same program target, and possibly to bypass security
by associating the permissions for one target with another,
or force default permissions to apply to a target for which
a more specific rule has been configured. So we don't do that.

Instead, the policy target is resolved once and that result is
used for the rest of the lookup/creation process.
2017-04-16 17:09:53 +03:00
Jerzi Kaminsky
c9694ee63d Add resolve_path() to utils 2017-04-16 17:09:53 +03:00
Jerzi Kaminsky
bcf9338ce7 Add validate_ipc_target() 2017-04-16 17:09:53 +03:00
Jerzi Kaminsky
bfb99235e3 Move get_feature_policy to sway/security.c 2017-04-16 17:09:53 +03:00
Jerzi Kaminsky
b4357a8eb6 Rename get_policy to get_feature_policy 2017-04-16 17:09:53 +03:00
Jerzi Kaminsky
cf5e764c7f Disambiguate get_*_policy() and get_*_policy_mask() 2017-04-16 17:09:53 +03:00
Drew DeVault
edb8075ae0 Merge pull request #1175 from JerziKaminsky/fix_sway_assert_variadic
Fix multiple issues in sway_assert
2017-04-16 09:50:50 -04:00
Jerzi Kaminsky
709b53bd43 Fix location reported by sway_assert 2017-04-16 16:39:53 +03:00
Jerzi Kaminsky
eb3b1ec5f1 Fix variadic forwarding in sway_assert
_sway_assert is a variadic function which tries
to delegate to another variadic function. This
requires a vprintf-style variant of the delegate.

https://stackoverflow.com/a/150616
2017-04-16 16:39:53 +03:00
Drew DeVault
4b3e533a59 Merge pull request #1171 from JerziKaminsky/misc_fixes
Misc fixes
2017-04-14 10:44:30 -04:00
Jerzi Kaminsky
6079e6f7e5 Fix style in sway-bar(5) manpage 2017-04-14 02:30:41 +03:00
Jerzi Kaminsky
b463fb8adc Remain compat with libinput < 1.7.0 2017-04-14 02:30:41 +03:00
Drew DeVault
a25a2f40ce Merge pull request #1147 from SirCmpwn/nvidia-support
Downgrade nvidia proprietary driver warning
2017-04-12 10:15:38 -04:00
Drew DeVault
b3541d9dc5 Implement more thorough nvidia config check 2017-04-12 10:04:44 -04:00
Drew DeVault
b036ad9b54 Downgrade nvidia proprietary driver warning 2017-04-12 10:04:44 -04:00
Drew DeVault
cd3c48fb9d Merge pull request #1146 from SirCmpwn/pretty-print-swaymsg
Add pretty printing to swaymsg
2017-04-10 08:19:02 -04:00
Drew DeVault
5d3a02a7c6 Merge branch 'master' into pretty-print-swaymsg 2017-04-10 07:17:47 -04:00
Drew DeVault
7fee555a46 Merge pull request #1150 from JerziKaminsky/cmake_find_libcap
Add libcap check to CMake
2017-04-08 06:53:22 -04:00
Drew DeVault
8d191b2785 Merge pull request #1155 from 4e554c4c/get_marks
Add `-t get_marks` and use more i3-like marks
2017-04-07 14:17:01 -04:00
Calvin Lee
154c6718c1 Add -t get_marks and use more i3-like marks
In i3 every mark is unique and one mark cannot be used in more than one
window; sway behavior has been amended to match this.
`swaymsg -t get_marks` will now return an array of all marks used in sway.

See #98
2017-04-07 11:37:51 -06:00
Drew DeVault
4e12bf64ef Merge pull request #1153 from SirCmpwn/fix-1152
Fix dangling file descriptors (fixes #1152)
2017-04-07 08:59:29 -04:00
Drew DeVault
cf95aebf69 Merge pull request #1154 from ascent12/fix-1152
Removed explicitly setting file descriptors to -1
2017-04-07 08:49:47 -04:00
Scott Anderson
1b2cd93212 Removed explicitly setting file descriptors to -1 2017-04-08 00:45:31 +12:00
Drew DeVault
50a31a6c88 Fix dangling file descriptors (fixes #1152) 2017-04-07 07:55:35 -04:00
JerziKaminsky
aa6bd85da1 Add libcap check to CMake
- Moved `<sys/capability.h>` include inside `__linux__` guard,
  because all uses are similarly guarded.
- `<sys/capability.h>` is part of an optional devel package, at least
  in Fedora. CMake now explicitly checks that libcap devel files
  are available.
- Added libcap to the list of install packages in .travis.yml, to
  make the dependency explicit. travis-ci installs the package by
  default, which is why this hasn't surfaced previously.
2017-04-07 03:14:16 +03:00
Drew DeVault
270e01ce6d Merge pull request #1151 from ascent12/master
Change regex to use PCRE
2017-04-06 08:51:22 -04:00
Scott Anderson
3a32be67ed Added designated initialiser, to prevent any possible problem with
ordering
2017-04-07 00:34:33 +12:00
Scott Anderson
fe54a6725e Changed regular expressions to use PCRE for i3 compatibility 2017-04-07 00:16:06 +12:00
Drew DeVault
3f40b61321 Merge pull request #1149 from 4e554c4c/criteria
Improve criteria handling
2017-04-06 06:47:26 -04:00
Calvin Lee
069d37f987 Improve criteria handling
This commit changes how commands decide what container to act on.
Commands get the current container through `current_container`, a global
defined in sway/commands.c. If a criteria is given before a command,
then the following command will be run once for every container the
criteria matches with a reference to the matching container in
'current_container'. Commands should use this instead of
`get_focused_container()` from now on.

This commit also fixes a few (minor) mistakes made in implementing marks
such as non-escaped arrows in sway(5) and calling the "mark" command
"floating" by accident. It also cleans up `criteria.c` in a few places.
2017-04-05 22:07:23 -06:00
Drew DeVault
7d43a76b4e Merge pull request #1145 from 4e554c4c/marks
Implement i3-style marks
2017-04-03 14:52:20 -04:00
Calvin Lee
2445d27960 Implement i3-style marks
This commit adds three commands to sway: `show_marks`, `mark` and
`unmark`. Marks are displayed right-aligned in the window border as i3
does. Marks may be found using criteria.

Fixes #1007
2017-04-03 11:48:37 -06:00
Drew DeVault
ab7570d311 Update man page 2017-04-03 07:46:11 -04:00
Drew DeVault
60ce81e06a Add pretty printing to swaymsg
If stdout is a tty, it will pretty print unless -r (--raw) is given.

Sample outputs:

```
~/s/s/build > ./bin/swaymsg fullscreen toggle
Error: Permission denied for fullscreen toggle via IPC

~/s/s/build > ./bin/swaymsg -t get_workspaces
Workspace 3:三
  Output: DVI-I-1
  Layout: splith

Workspace 1:一 (off-screen)
  Output: HDMI-A-1
  Layout: splith

Workspace 5:五 (focused)
  Output: HDMI-A-1
  Layout: splith

~/s/s/build > ./bin/swaymsg -t get_inputs
Input device Metadot - Das Keyboard Das Keyboard
  Type: Keyboard
  Sway ID: 9456:320:Metadot_-_Das_Keyboard_Das_Keyb

Input device Wacom Intuos S 2 Pen
  Type: Tablet tool
  Sway ID: 1386:827:Wacom_Intuos_S_2

Input device Wacom Intuos S 2 Pad
  Type: Tablet pad
  Sway ID: 1386:827:Wacom_Intuos_S_2

Input device Logitech Gaming Mouse G502
  Type: Keyboard, Mouse
  Sway ID: 1133:49277:Logitech_Gaming_Mous

~/s/s/build > ./bin/swaymsg -t get_outputs
Output DVI-I-1
  Geometry: 1920x1080 @ 3840,0
  Scale factor: 1x
  Workspace: 3:三

Output DVI-D-1
  Geometry: 1920x1080 @ 0,0
  Scale factor: 1x
  Workspace: 4:四

Output HDMI-A-1
  Geometry: 1920x1080 @ 1920,0
  Scale factor: 1x
  Workspace: 5:五
```
2017-04-03 07:27:25 -04:00
Drew DeVault
8d9a928058 Update README.md 2017-03-28 07:45:16 -04:00
Drew DeVault
82729eeb0c Mention cap_sys_tty_config in readme 2017-03-27 07:02:08 -04:00
Drew DeVault
e659db4f73 Merge pull request #1130 from oranenj/fix_move_next_crash
Fix move next crash
2017-03-19 17:57:44 -04:00
Jarkko Oranen
924ed6464c Prevent "move next" and "move prev" commands from crashing
Fixes #1120

When the parent of a view is C_WORKSPACE and the movement direction
is either MOVE_PREV or MOVE_NEXT, the code would attempt to move the
views to the next output, but swayc_adjacent_output can't accept
non-directional movement commands and causes undefined behaviour and
a segfault.

If the code is simply skipped, we end up in an infinite loop.

Instead, we can allow containers whose parent is a C_WORKSPACE to take the
path that handles MOVE_PREV and MOVE_NEXT, which behaves as you would
expect.

I'm not certain that this fix is entirely correct as the desired behaviour
of move_container is not very well defined, but it seems to work.
2017-03-19 16:58:39 +02:00
Jarkko Oranen
d7350915d9 The default layout of a workspace should follow the output
Hardcoding it to L_HORIZ does not make sense to me,
as you get the unexpected behaviour that windows will be
arranged horizontally until you switch the layout.
2017-03-19 16:57:05 +02:00
Drew DeVault
0fa8b5abfb Merge pull request #1126 from zandrmartin/prevent-fullscreen-focus-stealing
prevent fullscreen focus thievery
2017-03-18 18:04:02 -04:00
Zandr Martin
2d46fc5602 prevent fullscreen focus thievery
I believe this fixes #1102
2017-03-18 17:55:50 -04:00
Drew DeVault
856984a7f6 Merge pull request #1125 from zandrmartin/remove-unnecessary-todo
remove unnecessary todo item
2017-03-18 17:35:30 -04:00
Drew DeVault
84ae6d02e8 Merge branch 'master' into remove-unnecessary-todo 2017-03-18 17:30:00 -04:00
Zandr Martin
baa17ec696 remove unnecessary todo item
As best I can tell this todo was intended to add workspace movement to
the given output with the `workspace <ws> output <op>` command, but i3
does not behave this way.
2017-03-18 17:26:59 -04:00
Drew DeVault
cef4a5cf70 Merge pull request #1124 from zandrmartin/correct-typo
wl_poitner -> wl_pointer
2017-03-18 17:01:26 -04:00
Zandr Martin
956eb6d714 wl_poitner -> wl_pointer 2017-03-18 16:57:26 -04:00
Drew DeVault
5c3d3184a3 Merge pull request #1119 from oranenj/master
Fix off-by-one error when checking workspace_layout arguments
2017-03-18 16:36:17 -04:00
Drew DeVault
e956c61719 Merge branch 'master' into master 2017-03-18 16:27:58 -04:00
Jarkko Oranen
f6196b7e9a Fix off-by-one error when checking workspace_layout arguments 2017-03-18 22:24:44 +02:00
Drew DeVault
b01e8dea58 Merge pull request #1121 from zandrmartin/registry-keyboard-caps
add missing ! for wl seat keyboard caps
2017-03-18 16:17:11 -04:00