From 1aebdfb9b77d5f71a5aa9faa13beab1f382cf30c Mon Sep 17 00:00:00 2001 From: David Vazgenovich Shakaryan Date: Mon, 26 Feb 2024 21:07:08 -0800 Subject: add option allowing process to be killed by user who started it --- slock.1 | 4 ++++ slock.c | 23 +++++++++++++++++------ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/slock.1 b/slock.1 index 08b62b9..c47f424 100644 --- a/slock.1 +++ b/slock.1 @@ -6,6 +6,7 @@ .Nd simple X screen locker .Sh SYNOPSIS .Nm +.Op Fl k .Op Fl f Op Fl p .Op Fl v .Op Ar cmd Op Ar arg ... @@ -18,6 +19,9 @@ is executed after the screen has been locked. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl k +Allow process to be killed by user who started it. +(Leaves real UID and GID unchanged when dropping privileges.) .It Fl f Fork and exit parent process after locking screen. .It Fl p diff --git a/slock.c b/slock.c index 0036c10..edd4440 100644 --- a/slock.c +++ b/slock.c @@ -301,7 +301,7 @@ lockscreen(Display *dpy, struct xrandr *rr, int screen) static void usage(void) { - die("usage: slock [-f [-p]] [-v] [cmd [arg ...]]\n"); + die("usage: slock [-k] [-f [-p]] [-v] [cmd [arg ...]]\n"); } int @@ -315,13 +315,17 @@ main(int argc, char **argv) { const char *hash; Display *dpy; int s, nlocks, nscreens; - int opt_fork, opt_pid; + int opt_killable, opt_fork, opt_pid; pid_t pid; + opt_killable = 0; opt_fork = 0; opt_pid = 0; ARGBEGIN { + case 'k': + opt_killable = 1; + break; case 'f': opt_fork = 1; break; @@ -365,10 +369,17 @@ main(int argc, char **argv) { /* drop privileges */ if (setgroups(0, NULL) < 0) die("slock: setgroups: %s\n", strerror(errno)); - if (setgid(dgid) < 0) - die("slock: setgid: %s\n", strerror(errno)); - if (setuid(duid) < 0) - die("slock: setuid: %s\n", strerror(errno)); + if (opt_killable) { + if (setregid(-1, dgid) < 0) + die("slock: setregid: %s\n", strerror(errno)); + if (setreuid(-1, duid) < 0) + die("slock: setreuid: %s\n", strerror(errno)); + } else { + if (setgid(dgid) < 0) + die("slock: setgid: %s\n", strerror(errno)); + if (setuid(duid) < 0) + die("slock: setuid: %s\n", strerror(errno)); + } /* check for Xrandr support */ rr.active = XRRQueryExtension(dpy, &rr.evbase, &rr.errbase); -- cgit v1.2.3-70-g09d2