remove suid bit to use capabilities

2025-04-24 15:37:23 +00:00 · 2014-08-20 20:21:34 +04:00 · 2014-08-20 20:21:34 +04:00 · e9090ab4a9
commit e9090ab4a9
parent 8bf33d4369
5 changed files with 7 additions and 9 deletions
--- a/2
+++ b/2
@ -13,7 +13,7 @@ license=('GPL3')
 makedepends=('automoc4' 'cmake' 'kdelibs' 'qt5-base' 'qt5-tools')
 source=("https://github.com/arcan1s/netctl-gui/releases/download/V.${pkgver}/${pkgbase}-${pkgver}-src.tar.xz")
 install="${pkgbase}.install"
-md5sums=('d99eba4101fee42ebbfa5735aa706bc9')
+md5sums=('65b6b2ff184de7e55a70645dc4e2f43a')


 prepare() {
--- a/README.md
+++ b/README.md
@ -57,6 +57,7 @@ Installation
  * `-DBUILD_LIBRARY:BOOL=0` - do not build library
  * `-DBUILD_PLASMOID:BOOL=0` - do not build Plasmoid
  * `-DBUILD_TEST:BOOL=1` - build auto tests for the library and the helper
+  * `-DUSE_CAPABILITIES` - use setcap to get privileges to the helper
  * `-DUSE_QT5:BOOL=0` - use Qt4 instead of Qt5 for GUI

 Additional information
@ -65,9 +66,6 @@ Additional information
 TODO (wish list)
 ----------------

-* remove suid bit from helper (polkit/logind/etc)
-* check/update documentation
-
 Links
 -----

--- a/sources/CMakeLists.txt
+++ b/sources/CMakeLists.txt
@ -21,6 +21,7 @@ message (STATUS "Version: ${PROJECT_VERSION}")
 message (STATUS "Build date: ${CURRENT_DATE}")

 # install options
+option (USE_CAPABILITIES "Use setcap to set capabilities for the helper" ON)
 option (USE_QT5 "Use Qt5 instead of Qt4" ON)
 # components
 option (BUILD_GUI "Build GUI" ON)
--- a/sources/helper/src/CMakeLists.txt
+++ b/sources/helper/src/CMakeLists.txt
@ -50,9 +50,8 @@ endif()

 add_executable (${SUBPROJECT} ${SOURCES} ${HEADERS} ${MOC_SOURCES} ${QRC_SOURCES} ${TRANSLATIONS})
 target_link_libraries (${SUBPROJECT} ${PROJECT_LIBRARY} ${QT_NEEDED_LIBS})
-add_executable (${SUBPROJECT}-suid ${SOURCES} ${HEADERS} ${MOC_SOURCES} ${QRC_SOURCES} ${TRANSLATIONS})
-target_link_libraries (${SUBPROJECT}-suid ${PROJECT_LIBRARY} ${QT_NEEDED_LIBS})
 # install properties
 install (TARGETS ${SUBPROJECT} DESTINATION bin)
-install (TARGETS ${SUBPROJECT}-suid DESTINATION bin
-         PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE SETUID)
+if (USE_CAPABILITIES)
+    install (CODE "exec_program (setcap ARGS \\\"cap_setuid+iep cap_setgid+iep\\\" \"$ENV{DESTDIR}/bin/${SUBPROJECT}\")")
+endif ()
--- a/sources/helper/src/main.cpp
+++ b/sources/helper/src/main.cpp
@ -91,7 +91,7 @@ int main(int argc, char *argv[])
        args[QString("nodaemon")] = true;
    // check euid
    if (geteuid() != 0) {
-        cout << QCoreApplication::translate("NetctlHelper", "The helper is running with EUID %1. Some functions will not be available.")
+        cout << QCoreApplication::translate("NetctlHelper", "The helper is running with EUID %1. Some functions may not be available.")
                .arg(QString::number(geteuid())).toUtf8().data() << endl;
        cout << QCoreApplication::translate("NetctlHelper", "See security notes for more details.")
                .toUtf8().data() << endl;