hyprwm / Hyprland

Hyprland is an independent, highly customizable, dynamic tiling Wayland compositor that doesn't sacrifice on its looks.
https://hyprland.org
BSD 3-Clause "New" or "Revised" License

Any client can crash hyprland by truncating fd buffers (Lack of SIGBUS handling) #7518

Open s-rah opened 2 weeks ago

s-rah commented 2 weeks ago

Regression?

No

System Info and Version

Tested on 0.41.ds-1-1 - I took a quick look at the code to see if any handlers were added in 0.42, but could not identify any.

Description

Because clients can always truncate buffers after providing them over a file descriptor, it is necessary to install a SIGBUS handler when reading from client-provided buffers (see https://gitlab.freedesktop.org/wlroots/wlroots/-/blob/master/types/wlr_shm.c?ref_type=heads#L179 for wlroots, and https://github.com/Smithay/smithay/blob/13333624f878a1cee3fb4ec6a041f0896913570f/src/wayland/shm/pool.rs#L338 for the smithay version of this check).

Without this check any misbehaving client is able to crash the entire hyprland process.

How to reproduce

See the weston bad_buffer test https://gitlab.freedesktop.org/wayland/weston/-/blob/main/tests/bad-buffer-test.c?ref_type=heads for an example client setup that can induce a SIGBUS in a compositor.

Crash reports, logs, images, videos

No response
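The check described in the report, as an added example in C. This is not Hyprland's, wlroots' or Smithay's code; it only mirrors the approach those two compositors take: while the compositor reads from a client's mmap'd pool, a SIGBUS handler replaces the pool with anonymous zero pages and records that it fired, so the read completes and the compositor can drop the client instead of dying. The names `guard`, `pool_read`, `run_scenario` and `page_size` are chosen here, `tmpfile()` stands in for the fd a Wayland client sends over the socket, and the reader is assumed to be single-threaded.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* MAP_ANONYMOUS, sigaction, ftruncate on glibc */
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The pool currently being read. One global is enough for a single-threaded
 * render loop (assumption); a multi-threaded reader would need per-thread state. */
static struct {
    void *base;                    /* page-aligned start of the mapping */
    size_t size;                   /* length of the mapping */
    volatile sig_atomic_t faulted; /* set by the handler when it fired */
} guard;

static void sigbus_handler(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)ctx;
    uintptr_t fault = (uintptr_t)info->si_addr;
    uintptr_t lo = (uintptr_t)guard.base;
    int ours = guard.base != NULL && fault >= lo && fault < lo + guard.size;
    /* Replace the whole pool with zero-filled anonymous pages. MAP_FIXED swaps
     * the mapping atomically, so when the faulting load re-executes it reads
     * zeros instead of faulting again. mmap is a raw syscall, which is why
     * calling it from a signal handler is tolerable here. */
    if (ours && mmap(guard.base, guard.size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0) != MAP_FAILED) {
        guard.faulted = 1;
        return;
    }
    /* Not a guarded pool (or the remap failed): restore the default action so
     * the re-executed instruction terminates the process as it would have anyway. */
    struct sigaction dfl;
    memset(&dfl, 0, sizeof dfl);
    dfl.sa_handler = SIG_DFL;
    sigaction(SIGBUS, &dfl, NULL);
}

/* Copy len bytes at offset from a client's mapped pool into out.
 * Returns 0 on a clean read, 1 if the client had truncated the pool (out then
 * holds zeros where file pages were missing and the mapping has been replaced,
 * so the caller should disconnect that client), -1 on bad arguments or if the
 * handler could not be installed. */
int pool_read(void *base, size_t size, size_t offset, size_t len, void *out) {
    if (base == NULL || offset > size || len > size - offset) return -1;
    struct sigaction sa, prev;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = sigbus_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    /* Publish the region before installing the handler; the sigaction call is
     * opaque to the compiler, so these stores cannot be sunk past the memcpy. */
    guard.base = base;
    guard.size = size;
    guard.faulted = 0;
    if (sigaction(SIGBUS, &sa, &prev) != 0) { guard.base = NULL; return -1; }

    memcpy(out, (const char *)base + offset, len); /* the read that may SIGBUS */

    sigaction(SIGBUS, &prev, NULL); /* SIGBUS is synchronous, so it has fired by now */
    int rc = guard.faulted ? 1 : 0;
    guard.base = NULL;
    return rc;
}

size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* Play both sides. The "client" creates a pool of pool_size bytes, fills it with
 * 0xAB and, if truncated_size < pool_size, shrinks the file after the
 * "compositor" has mapped it, which is the attack the issue describes. Returns
 * pool_read's result for a read of the whole pool; a clean read additionally
 * checks that the bytes round-tripped (-1 if they did not, or on setup error). */
int run_scenario(size_t pool_size, size_t truncated_size) {
    FILE *f = tmpfile(); /* stands in for the fd a Wayland client sends over the socket */
    if (f == NULL) return -1;
    int fd = fileno(f);
    int rc = -1;
    unsigned char *pool = MAP_FAILED, *copy = NULL;
    if (ftruncate(fd, (off_t)pool_size) != 0) goto out;
    pool = mmap(NULL, pool_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (pool == MAP_FAILED) goto out;
    memset(pool, 0xAB, pool_size); /* client renders a frame into the pool */
    if (truncated_size < pool_size && ftruncate(fd, (off_t)truncated_size) != 0) goto out;

    copy = malloc(pool_size);
    if (copy == NULL) goto out;
    rc = pool_read(pool, pool_size, 0, pool_size, copy); /* compositor samples the buffer */
    if (rc == 0) {
        for (size_t i = 0; i < pool_size; i++) {
            if (copy[i] != 0xAB) { rc = -1; break; }
        }
    }
out:
    free(copy);
    if (pool != MAP_FAILED) munmap(pool, pool_size);
    fclose(f);
    return rc;
}

int main(void) {
    size_t pg = page_size();
    printf("intact pool:    %d (expect 0)\n", run_scenario(2 * pg, 2 * pg));
    printf("truncated pool: %d (expect 1, and the process is still alive)\n", run_scenario(2 * pg, pg));
    return 0;
}
```

Build with `cc -Wall sigbus_guard.c`. The first scenario reads cleanly; the second hits SIGBUS on the second page, the handler remaps the pool, and `pool_read` returns 1 instead of the process being killed. Because the mapping has been replaced with anonymous memory, the pool is unusable afterwards, so a compositor should treat a return of 1 as a protocol error and disconnect that client. The handler is process-wide: any other SIGBUS user in the same process must be chained through `prev` rather than overwritten.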

vaxerski commented 2 weeks ago

yeah I never did because I don't find this that important, like, a process can also kill -9 Hyprland. It's prolly nice to have but not critical

s-rah commented 2 weeks ago

Sure, if running the compositor without any protection at all then there is nothing to subvert.

But this issue does undermine any protection that the OS attempts to apply, e.g. if using an LSM or unshare etc. to prevent child processes from issuing SIGKILL to the compositor process, a child can trivially subvert that restriction.

vaxerski commented 2 weeks ago

sure, that's why I didn't say it's useless.