From 267b5a11222e06b0f248ea084c95efa7de776dbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Fl=C3=B6ser?= Date: Sun, 20 May 2018 21:45:51 +0200 Subject: [PATCH] Disallow running KWin/Wayland as root Summary: KWin is not designed to run as root. It is not hardened enough and there is a great risk that applications could attack KWin through X11 properties, Wayland protocol requests, etc. to trigger stack or heap overflows and execute random code. As clients connected to KWin could be remote there is a great risk in running KWin as root. Also clients on the same system but started as a different user could try to gain more privs by exploiting KWin. Furthermore KWin is designed to not run as root. It interacts with logind to get the devices opened which would require root. Whether KWin would work as root at all is questionable. We cannot guarantee that running KWin as root is secure, thus this change disallows running KWin and thus a Wayland session as root. Reviewers: #kwin, #plasma Subscribers: kwin Tags: #kwin Differential Revision: https://phabricator.kde.org/D13008 --- main_wayland.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/main_wayland.cpp b/main_wayland.cpp index 0e81d6deab..96da83823d 100644 --- a/main_wayland.cpp +++ b/main_wayland.cpp @@ -516,6 +516,10 @@ void dropNiceCapability() int main(int argc, char * argv[]) { + if (getuid() == 0) { + std::cerr << "kwin_wayland does not support running as root." << std::endl; + return 1; + } KWin::disablePtrace(); KWin::Application::setupMalloc(); KWin::Application::setupLocalizedString();
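Review bot: the `if (getuid() == 0)` guard added at the top of `main()` only inspects the real user id, so a kwin_wayland binary that is executed with an effective uid of 0 (for example through a setuid-root wrapper) passes the check while still running with root privileges, which is exactly the situation the commit message wants to rule out; suggest `if (getuid() == 0 || geteuid() == 0) {` so both ids are covered. The hunk also relies on `getuid()` and `std::cerr` being declared but adds no headers, so confirm that `<unistd.h>` and `<iostream>` are already included in main_wayland.cpp; if they are not, the build breaks at this line. Finally, the early `return 1;` happens before `KWin::disablePtrace()` and the malloc setup, which is the right order since nothing has been initialised yet, but a brief comment above the block explaining that the refusal is a security measure (not a missing feature) would help future readers who encounter the error message.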