wl_event_source_remove() is illegal after display has been destroyed,
so just destroy everything when we still can.
==20392==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000001240 at pc 0x00000048e86e bp 0x7ffe4b557e00 sp 0x7ffe4b557df0
READ of size 8 at 0x607000001240 thread T0
#0 0x48e86d in wl_list_insert ../common/list.c:149
#1 0x7fdf673d4d7d in wl_event_source_remove src/event-loop.c:487
#2 0x41b742 in ipc_terminate ../sway/ipc-server.c:94
#3 0x40b1ad in main ../sway/main.c:440
#4 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
#5 0x409359 in _start (/opt/wayland/bin/sway+0x409359)
0x607000001240 is located 48 bytes inside of 72-byte region [0x607000001210,0x607000001258)
freed by thread T0 here:
#0 0x7fdf692c4880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
#1 0x7fdf673d371a in wl_display_destroy src/wayland-server.c:1097
previously allocated by thread T0 here:
#0 0x7fdf692c4c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x7fdf673d4d9e in wl_event_loop_create src/event-loop.c:522
#2 0x40acb2 in main ../sway/main.c:363
#3 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
We would previously run all config commands without the environment,
which would appear to work as our socket name is the default one, but
wayland clients would start up in the wrong sway session.
(This explains why 'sometimes' my swayidle processes wouldn't die with
sway, as they weren't listening to the correct socket)
Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
Increase _POSIX_SOURCE value where needed.
Increase _XOPEN_SOURCE value where needed.
Conditionally link to libcap (only on Linux).
Possibly some trailing whitespace fixes (automatic).
- Moved ``<sys/capability.h>`` include inside `__linux__` guard,
because all uses are similarly guarded.
- <sys/capability.h> is part of an optional devel package, at least
in fedora. CMake now explicitly checks that libcap devel files
are available.
- Added libcap to the list of install packages in .travis.yml, to
make the dependency explicit. travis-ci installs the package by
default, which is why this hasn't surfaced previously.
- Make sure CMake always finds absolute paths for Cairo, Pango and GdkPixbuf
- Add forgotten json-c include path to swaymsg/CMakeLists.txt
- Disable -Werror because of assert warnings
- Add correct /proc/pid/file path for FreeBSD
- Use libepoll-shim on FreeBSD
- Only use Linux capabilities on, well, Linux
LD_PRELOAD enables keyloggers to easily be made. This solution isn't
perfect - really a secure system wouldn't have LD_PRELOAD at all. It was
a stupid idea in the first place.