Skip to content

Commit 7b98e76

Browse files
WhatAmISupposedToPutHereWhatAmISupposedToPutHere
authored
Merge pull request #4 from jannau/privdrop_take2
Drop root privileges as soon as possible
2 parents 5a4e8f0 + ad5ab8b commit 7b98e76

1 file changed

Lines changed: 13 additions & 9 deletions

File tree

src/main.rs

Lines changed: 13 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -194,6 +194,19 @@ fn toggle_key<F>(uinput: &mut UInputHandle<F>, code: Key, value: i32) where F: A
194194
}
195195

196196
fn main() {
197+
let mut uinput = UInputHandle::new(OpenOptions::new().write(true).open("/dev/uinput").unwrap());
198+
let mut backlight = BacklightManager::new();
199+
200+
// drop privileges to input and video group
201+
let groups = ["input", "video"];
202+
203+
PrivDrop::default()
204+
.user("nobody")
205+
.group("nobody")
206+
.group_list(&groups)
207+
.apply()
208+
.unwrap_or_else(|e| { panic!("Failed to drop privileges: {}", e) });
209+
197210
let mut surface = ImageSurface::create(Format::ARgb32, DFR_HEIGHT, DFR_WIDTH).unwrap();
198211
let mut active_layer = 0;
199212
let layers = [
@@ -240,7 +253,6 @@ fn main() {
240253
input_main.udev_assign_seat("seat0").unwrap();
241254
let pollfd_tb = PollFd::new(input_tb.as_raw_fd(), PollFlags::POLLIN);
242255
let pollfd_main = PollFd::new(input_main.as_raw_fd(), PollFlags::POLLIN);
243-
let mut uinput = UInputHandle::new(OpenOptions::new().write(true).open("/dev/uinput").unwrap());
244256
uinput.set_evbit(EventKind::Key).unwrap();
245257
for layer in &layers {
246258
for button in &layer.buttons {
@@ -267,8 +279,6 @@ fn main() {
267279
}).unwrap();
268280
uinput.dev_create().unwrap();
269281

270-
let mut backlight = BacklightManager::new();
271-
272282
let mut digitizer: Option<InputDevice> = None;
273283
let mut touches = HashMap::new();
274284
loop {
@@ -289,12 +299,6 @@ fn main() {
289299
let dev = evt.device();
290300
if dev.name().contains(" Touch Bar") {
291301
digitizer = Some(dev);
292-
PrivDrop::default()
293-
.chroot("/var/empty")
294-
.user("nobody")
295-
.group("nobody")
296-
.apply()
297-
.unwrap_or_else(|e| { panic!("Failed to drop privileges: {}", e) });
298302
}
299303
},
300304
Event::Keyboard(KeyboardEvent::Key(key)) => {

0 commit comments

Comments
 (0)