diff options
-rw-r--r-- | LICENSE | 2 | ||||
-rw-r--r-- | config.mk | 2 | ||||
-rw-r--r-- | slock.c | 36 |
3 files changed, 30 insertions, 10 deletions
@@ -1,6 +1,6 @@ | |||
1 | MIT/X Consortium License | 1 | MIT/X Consortium License |
2 | 2 | ||
3 | © 2006-2012 Anselm R Garbe <anselm@garbe.us> | 3 | © 2006-2013 Anselm R Garbe <anselm@garbe.us> |
4 | 4 | ||
5 | Permission is hereby granted, free of charge, to any person obtaining a | 5 | Permission is hereby granted, free of charge, to any person obtaining a |
6 | copy of this software and associated documentation files (the "Software"), | 6 | copy of this software and associated documentation files (the "Software"), |
@@ -1,5 +1,5 @@ | |||
1 | # slock version | 1 | # slock version |
2 | VERSION = 1.1 | 2 | VERSION = 1.2 |
3 | 3 | ||
4 | # Customize below to fit your system | 4 | # Customize below to fit your system |
5 | 5 | ||
@@ -44,6 +44,21 @@ die(const char *errstr, ...) { | |||
44 | exit(EXIT_FAILURE); | 44 | exit(EXIT_FAILURE); |
45 | } | 45 | } |
46 | 46 | ||
47 | #ifdef __linux__ | ||
48 | #include <fcntl.h> | ||
49 | |||
50 | static void | ||
51 | dontkillme(void) { | ||
52 | int fd; | ||
53 | |||
54 | fd = open("/proc/self/oom_score_adj", O_WRONLY); | ||
55 | if (fd < 0 && errno == ENOENT) | ||
56 | return; | ||
57 | if (fd < 0 || write(fd, "-1000\n", 6) != 6 || close(fd) != 0) | ||
58 | die("cannot disable the out-of-memory killer for this process\n"); | ||
59 | } | ||
60 | #endif | ||
61 | |||
47 | #ifndef HAVE_BSD_AUTH | 62 | #ifndef HAVE_BSD_AUTH |
48 | static const char * | 63 | static const char * |
49 | getpw(void) { /* only run as root */ | 64 | getpw(void) { /* only run as root */ |
@@ -52,7 +67,7 @@ getpw(void) { /* only run as root */ | |||
52 | 67 | ||
53 | pw = getpwuid(getuid()); | 68 | pw = getpwuid(getuid()); |
54 | if(!pw) | 69 | if(!pw) |
55 | die("slock: cannot retrieve password entry (make sure to suid or sgid slock)"); | 70 | die("slock: cannot retrieve password entry (make sure to suid or sgid slock)\n"); |
56 | endpwent(); | 71 | endpwent(); |
57 | rval = pw->pw_passwd; | 72 | rval = pw->pw_passwd; |
58 | 73 | ||
@@ -68,8 +83,9 @@ getpw(void) { /* only run as root */ | |||
68 | #endif | 83 | #endif |
69 | 84 | ||
70 | /* drop privileges */ | 85 | /* drop privileges */ |
71 | if(setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) | 86 | if (geteuid() == 0 |
72 | die("slock: cannot drop privileges"); | 87 | && ((getegid() != pw->pw_gid && setgid(pw->pw_gid) < 0) || setuid(pw->pw_uid) < 0)) |
88 | die("slock: cannot drop privileges\n"); | ||
73 | return rval; | 89 | return rval; |
74 | } | 90 | } |
75 | #endif | 91 | #endif |
@@ -114,9 +130,9 @@ readpw(Display *dpy, const char *pws) | |||
114 | #ifdef HAVE_BSD_AUTH | 130 | #ifdef HAVE_BSD_AUTH |
115 | running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd); | 131 | running = !auth_userokay(getlogin(), NULL, "auth-xlock", passwd); |
116 | #else | 132 | #else |
117 | running = strcmp(crypt(passwd, pws), pws); | 133 | running = !!strcmp(crypt(passwd, pws), pws); |
118 | #endif | 134 | #endif |
119 | if(running != False) | 135 | if(running) |
120 | XBell(dpy, 100); | 136 | XBell(dpy, 100); |
121 | len = 0; | 137 | len = 0; |
122 | break; | 138 | break; |
@@ -244,20 +260,24 @@ main(int argc, char **argv) { | |||
244 | else if(argc != 1) | 260 | else if(argc != 1) |
245 | usage(); | 261 | usage(); |
246 | 262 | ||
263 | #ifdef __linux__ | ||
264 | dontkillme(); | ||
265 | #endif | ||
266 | |||
247 | if(!getpwuid(getuid())) | 267 | if(!getpwuid(getuid())) |
248 | die("slock: no passwd entry for you"); | 268 | die("slock: no passwd entry for you\n"); |
249 | 269 | ||
250 | #ifndef HAVE_BSD_AUTH | 270 | #ifndef HAVE_BSD_AUTH |
251 | pws = getpw(); | 271 | pws = getpw(); |
252 | #endif | 272 | #endif |
253 | 273 | ||
254 | if(!(dpy = XOpenDisplay(0))) | 274 | if(!(dpy = XOpenDisplay(0))) |
255 | die("slock: cannot open display"); | 275 | die("slock: cannot open display\n"); |
256 | /* Get the number of screens in display "dpy" and blank them all. */ | 276 | /* Get the number of screens in display "dpy" and blank them all. */ |
257 | nscreens = ScreenCount(dpy); | 277 | nscreens = ScreenCount(dpy); |
258 | locks = malloc(sizeof(Lock *) * nscreens); | 278 | locks = malloc(sizeof(Lock *) * nscreens); |
259 | if(locks == NULL) | 279 | if(locks == NULL) |
260 | die("slock: malloc: %s", strerror(errno)); | 280 | die("slock: malloc: %s\n", strerror(errno)); |
261 | int nlocks = 0; | 281 | int nlocks = 0; |
262 | for(screen = 0; screen < nscreens; screen++) { | 282 | for(screen = 0; screen < nscreens; screen++) { |
263 | if ( (locks[screen] = lockscreen(dpy, screen)) != NULL) | 283 | if ( (locks[screen] = lockscreen(dpy, screen)) != NULL) |