Commit graph

2551 commits

Author SHA1 Message Date
Drew DeVault 7784f1a905 Handle allocation failures in security code
Note that such errors are generally going to be fatal
2016-12-15 19:01:41 -05:00
Drew DeVault 31b002b6d5 Handle IPC server allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault 8cef81d6f2 Handle some more memory allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault d75a747a3d Handle config-related allocation failures 2016-12-15 19:01:41 -05:00
Drew DeVault 248df18c24 Handle allocation failure in commands 2016-12-15 19:01:40 -05:00
Drew DeVault 8691ff1b63 Handle border-related malloc failures 2016-12-15 19:01:40 -05:00
Drew DeVault ad7f68585b Always log filename and line number 2016-12-15 19:01:40 -05:00
Drew DeVault 4c6c65e70c Handle malloc failures from read_line 2016-12-15 19:01:40 -05:00
Drew DeVault 9ad1e6b40f Handle malloc failure in ipc_recv_response 2016-12-15 19:01:40 -05:00
Drew DeVault 6c0fc20936 Merge pull request #991 from barfoo1/registry_fix
minor logic error in registry.c:seat_handle_capabilities()
2016-12-14 04:29:52 -05:00
barfoo1 dc6942d10d minor logic error 2016-12-14 10:24:13 +01:00
Drew DeVault 6350752d6b Merge pull request #985 from myfreeweb/master
Fix build on FreeBSD
2016-12-11 14:07:08 -05:00
Greg V da26d69cb1 Fix build on FreeBSD
- Make sure CMake always finds absolute paths for Cairo, Pango and GdkPixbuf
- Add forgotten json-c include path to swaymsg/CMakeLists.txt
- Disable -Werror because of assert warnings
- Add correct /proc/pid/file path for FreeBSD
- Use libepoll-shim on FreeBSD
- Only use Linux capabilities on, well, Linux
2016-12-09 19:32:07 +03:00
Drew DeVault d93e53fd4b Use return value of write 2016-12-06 09:10:16 -05:00
Drew DeVault 979878d8af Decrement expected_len 2016-12-04 10:55:11 -05:00
Drew DeVault cb0ca3c301 Change name of ld-library-path cmake variable 2016-12-04 10:20:15 -05:00
Drew DeVault 49fe25c106 Mention setcap in manual install instructions 2016-12-04 09:59:25 -05:00
Drew DeVault 1d39c22a38 Add link to security features issue in readme 2016-12-04 09:52:38 -05:00
Drew DeVault 1a509dcc29 Fix to sway-security(7) 2016-12-04 09:49:13 -05:00
Drew DeVault cdecf3c495 Drop restart command from sanity check
Since we don't actually have one of those
2016-12-04 09:37:24 -05:00
Drew DeVault 6604bb67ea Fix minor issues with default security config 2016-12-04 09:12:31 -05:00
D.B 35b8d185ac fix layout switching (was broken because of workspace_layout)
For workspace containers, swayc_change_layout also changes ->layout alongside
->workspace_layout when it's a sensible thing to do. There is an additional test
for 'layout toggle' command which ensures that containers will be tiled
horizontally after toggling from tabbed or stacked.
2016-12-04 08:31:34 -05:00
D.B 4762bcb3b9 wrap some views under workspaces
If workspace layout is set to tabbed or stacked, its C_VIEW children
should get wrapped in a container. Alongside that, move_container was
modified to retain previous functionality.
2016-12-04 08:31:34 -05:00
D.B 6fb4b6737a add workspace_layout to container
Add swayc_change_layout function, which changes either layout or
workspace_layout, depending on the container type.
2016-12-04 08:31:34 -05:00
Drew DeVault 5778c59a2f Merge pull request #981 from SirCmpwn/security
Security features
2016-12-04 08:30:40 -05:00
Drew DeVault e7a764fdf4 Disallow everything by default
And update config.d/security to configure sane defaults
2016-12-03 12:38:42 -05:00
Drew DeVault 93d99f3712 Fix use-after-free 2016-12-02 18:57:10 -05:00
Drew DeVault d2d6fcd1ff Fix clang issues 2016-12-02 18:38:31 -05:00
Drew DeVault 8577095db7 Check for CAP_SYS_PTRACE 2016-12-02 18:37:01 -05:00
Drew DeVault d353da248b Add ipc connection feature policy controls 2016-12-02 18:09:19 -05:00
Drew DeVault 62dad7148f Enforce IPC security policy 2016-12-02 17:55:03 -05:00
Drew DeVault c8dc4925d1 Add IPC security policy command handlers 2016-12-02 17:34:26 -05:00
Drew DeVault e9e1a6a409 Add IPC policy to config
Also reduces enum abuse, cc @minus7
2016-12-02 16:08:45 -05:00
Drew DeVault 0a1b211e09 Drop -Denable-binding-event 2016-12-02 16:01:33 -05:00
Drew DeVault 25a4a85a59 Run config files through sed and install to /etc 2016-12-02 15:56:36 -05:00
Drew DeVault 751e6d2ab2 Clarify lock permission consequences 2016-12-02 10:34:17 -05:00
Drew DeVault 0c8dc0e6df Clarify that executable has to be a full path 2016-12-02 10:32:08 -05:00
Drew DeVault c61746a15b Soften up environment security
So no one gets their feewings hurt
2016-12-02 10:29:50 -05:00
Drew DeVault a4e92ad272 Deal with LD_LIBRARY_PATH 2016-12-02 10:23:30 -05:00
Drew DeVault 1a143e601b Clarify when keyboard/mouse features work 2016-12-02 10:17:53 -05:00
Drew DeVault 4d312f753c Add docs on what features sway programs require 2016-12-02 10:13:06 -05:00
Drew DeVault 3dbeb9c35c Add sway-security(7) 2016-12-02 10:05:43 -05:00
Drew DeVault 10c2125040 Unset LD_PRELOAD on startup (before dropping root)
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.
2016-12-02 08:47:47 -05:00
Drew DeVault 04fc10feeb Flesh out security_sanity_check 2016-12-02 08:42:26 -05:00
Drew DeVault 39cf9a82f7 Enforce command policies 2016-12-02 08:17:45 -05:00
Drew DeVault f23880b1fd Add support for command policies in config file 2016-12-02 08:10:03 -05:00
Drew DeVault 0d395681fe Enforce mouse permissions 2016-12-01 22:11:48 -05:00
Drew DeVault 8aeeacf178 Enforce keyboard permissions 2016-12-01 22:09:33 -05:00
Drew DeVault ffdbb9d050 Enforce fullscreen permissions 2016-12-01 22:03:36 -05:00
Drew DeVault dc4b57c868 Shut Clang up 2016-12-01 21:58:38 -05:00