Only use prewarm socket if uid and gid match

2024-09-21 03:27:55 +03:00 · 2022-07-03 15:19:17 +05:30 · 2022-07-03 15:19:17 +05:30 · 320d45a3f5
commit 320d45a3f5
parent 73795b5257
2 changed files with 23 additions and 2 deletions
--- a/kitty/child.py
+++ b/kitty/child.py
@ -250,7 +250,7 @@ def final_env(self) -> Dict[str, str]:
        env['COLORTERM'] = 'truecolor'
        env['KITTY_PID'] = getpid()
        if not self.is_prewarmed:
-            env['KITTY_PREWARM_SOCKET'] = fast_data_types.get_boss().prewarm.unix_socket_name
+            env['KITTY_PREWARM_SOCKET'] = f'{os.geteuid()}:{os.getegid()}:{fast_data_types.get_boss().prewarm.unix_socket_name}'
        if self.cwd:
            # needed in case cwd is a symlink, in which case shells
            # can use it to display the current directory name rather
--- a/prewarm-launcher.h
+++ b/prewarm-launcher.h
@ -452,10 +452,31 @@ loop(void) {
 #undef fail
 }

+static char*
+check_socket_addr(char *addr) {
+    char *p = strchr(addr, ':');
+    if (!p) return NULL;
+    *p = 0;
+    long val = -1;
+    bool ok = parse_long(addr, &val);
+    *p = ':';
+    if (!ok || val != geteuid()) return NULL;
+    addr = p + 1;
+    p = strchr(addr, ':');
+    if (!p) return NULL;
+    *p = 0;
+    ok = parse_long(addr, &val);
+    *p = ':';
+    if (!ok || val != getegid()) return NULL;
+    return p + 1;
+}
+
 static void
 use_prewarmed_process(int argc, char *argv[]) {
-    const char *env_addr = getenv("KITTY_PREWARM_SOCKET");
+    char *env_addr = getenv("KITTY_PREWARM_SOCKET");
    if (!env_addr || !*env_addr || !is_prewarmable(argc, argv)) return;
+    env_addr = check_socket_addr(env_addr);
+    if (!env_addr) return;
    self_ttyfd = safe_open(ctermid(NULL), O_RDWR | O_NONBLOCK, 0);
 #define fail(s) { print_error(s, errno); cleanup(); return; }
    if (self_ttyfd == -1) fail("Failed to open controlling terminal");