Parse `--debug` parameter before forking

swaywm / swaylock

Screen locker for Wayland

MIT License

853 stars 202 forks source link

Parse `--debug` parameter before forking #261

Closed raboof closed 1 year ago

raboof commented 2 years ago

To make sure the pw backend picks up the loglevel when passing --debug.

emersion commented 2 years ago

This has security implications: it executes more code as root. In particular, with this patch, files are opened as root.

raboof commented 2 years ago

ah, using pam here, indeed I didn't notice this is the case for the shadow backend :thinking:

raboof commented 2 years ago

OK, so:

we do want a way to enable debug logging of the backend (right?)
we don't want to open files before dropping privileges
we don't want to change the logic of first processing the config file and then processing the CLI parameters
we don't want to introduce unnecessary changes in the way the pam and shadow backends need to be invoked
we don't want to introduce other mechanisms (such as setting environment variables) to enable debugging, as that'd be inconsistent with related tools like sway itself

Perhaps we could have the forked process look for the --debug flag itself, ignoring any other flags and the config file? Somewhat inconsistent and not very DRY, but possibly acceptable since '--debug' is a somewhat 'special' diagnostic flag anyway? WDYT?

emersion commented 2 years ago

Yeah that sounds reasonable!

emersion commented 2 years ago

Hm, unfortunately this is not quite enough. swayidle -- --debug for instance processes --debug as an argument, not an option.

Can we use getopt to parse --debug?

raboof commented 1 year ago

Can we use getopt to parse --debug?

updated

emersion commented 1 year ago

We need to reset optind = 1 to allow getopt to be called multiple times.

emersion commented 1 year ago

Hm, we need to reset optind = 1 between the two getopt loops, ie. after the log_init call.

raboof commented 1 year ago

We need to reset optind = 1 to allow getopt to be called multiple times.

Gotcha! Can confirm this indeed makes cases where --debug isn't the first parameter work :laughing: . Apologies for not testing sufficiently...

raboof commented 1 year ago

Hm, we need to reset optind = 1 between the two getopt loops, ie. after the log_init call.

That was already the case (parse_options set optind = 1 before entering the loop that calls getopt_long). TBH this is pretty surprising API to me, but also setting optind = 1 before entering the loop in log_init as well did improve behavior :thinking:

raboof commented 1 year ago

Thanks for the thorough review!