diff --git a/CMakeLists.txt b/CMakeLists.txt index f856c3c216..98ec795ed5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -274,9 +274,16 @@ configure_file(libkwineffects/kwinconfig.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/lib # for kwin internal things set(HAVE_X11_XCB ${X11_XCB_FOUND}) +include(CheckIncludeFile) include(CheckIncludeFiles) +include(CheckSymbolExists) check_include_files(unistd.h HAVE_UNISTD_H) check_include_files(malloc.h HAVE_MALLOC_H) + +check_include_file("sys/prctl.h" HAVE_SYS_PRCTL_H) +check_symbol_exists(PR_SET_DUMPABLE "sys/prctl.h" HAVE_PR_SET_DUMPABLE) +add_feature_info("prctl-dumpable" HAVE_PR_SET_DUMPABLE "Required for disallow ptrace on greeter and kcheckpass process") + configure_file(config-kwin.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-kwin.h ) diff --git a/config-kwin.h.cmake b/config-kwin.h.cmake index 2466d7ca7a..f055a159f2 100644 --- a/config-kwin.h.cmake +++ b/config-kwin.h.cmake @@ -14,6 +14,8 @@ #cmakedefine01 HAVE_GBM #cmakedefine01 HAVE_LIBHYBRIS #cmakedefine01 HAVE_WAYLAND_EGL +#cmakedefine01 HAVE_SYS_PRCTL_H +#cmakedefine01 HAVE_PR_SET_DUMPABLE /* Define to 1 if you have the header file. */ #cmakedefine HAVE_UNISTD_H 1 diff --git a/main_wayland.cpp b/main_wayland.cpp index d465073257..926dc95488 100644 --- a/main_wayland.cpp +++ b/main_wayland.cpp @@ -39,6 +39,7 @@ along with this program. If not, see . #include #include #include +#include #include #include #include @@ -51,6 +52,10 @@ along with this program. If not, see . #include #endif // HAVE_UNISTD_H +#if HAVE_SYS_PRCTL_H +#include +#endif + #include #include @@ -382,10 +387,26 @@ static QString automaticBackendSelection() return s_fbdevPlugin; } +static void disablePtrace() +{ +#if HAVE_PR_SET_DUMPABLE + // check whether we are running under a debugger + const QFileInfo parent(QStringLiteral("/proc/%1/exe").arg(getppid())); + if (parent.isSymLink() && parent.symLinkTarget().endsWith(QLatin1String("/gdb"))) { + // debugger, don't adjust + return; + } + + // disable ptrace in kwin_wayland + prctl(PR_SET_DUMPABLE, 0); +#endif +} + } // namespace int main(int argc, char * argv[]) { + KWin::disablePtrace(); KWin::Application::setupMalloc(); KWin::Application::setupLocalizedString();