[feat] Improving the Security Model

* The IPC functionality has been modulized * Makefile and docs are updated * SWEET parser has been integrated * Daemon now looks for config file in the XDG_CONFIG_DIR correctly * Server and Daemon have been integrated using socket based IPC * Instance tracking for the server to prevent cpu load * Daemon can be lauched using the setuid bit * Event based environment refresh integrated for the server and daemon * Daemon now reads the env from the server * De-escalated thread used to execute commmands in daemon * Old IPC model has been retired * Polkit dependency has been removed * Command execution has been ported from server to daemon
waycrate · Sep 28, 2024 · 533295f · 533295f
1 parent f2bee30
commit 533295f
Show file tree

Hide file tree

Showing 11 changed files with 459 additions and 333 deletions.
diff --git a/INSTALL.md b/INSTALL.md
@@ -10,7 +10,6 @@ We have packaged `swhkd-git`. `swhkd-bin` has been packaged separately by a user
 
 **Runtime:**
 
-- Policy Kit Daemon ( polkit )
 - Uinput kernel module
 - Evdev kernel module
 
@@ -34,5 +33,5 @@ We have packaged `swhkd-git`. `swhkd-bin` has been packaged separately by a user
 
 ```
 swhks &
-pkexec swhkd
+swhkd
 ```
diff --git a/Makefile b/Makefile
@@ -4,8 +4,6 @@ DESTDIR ?= "/"
 DAEMON_BINARY := swhkd
 SERVER_BINARY := swhks
 BUILDFLAGS := --release
-POLKIT_DIR := /usr/share/polkit-1/actions
-POLKIT_POLICY_FILE := com.github.swhkd.pkexec.policy
 TARGET_DIR := /usr/bin
 MAN1_DIR := /usr/share/man/man1
 MAN5_DIR := /usr/share/man/man5
@@ -15,19 +13,17 @@ all: build
 
 build:
  @cargo build $(BUILDFLAGS)
- @./scripts/build-polkit-policy.sh \
- --policy-path=$(POLKIT_POLICY_FILE) \
- --swhkd-path=$(TARGET_DIR)/$(DAEMON_BINARY)
 
 install:
  @find ./docs -type f -iname "*.1.gz" \
  -exec install -Dm 644 {} -t $(DESTDIR)/$(MAN1_DIR) \;
  @find ./docs -type f -iname "*.5.gz" \
  -exec install -Dm 644 {} -t $(DESTDIR)/$(MAN5_DIR) \;
  @install -Dm 755 ./target/release/$(DAEMON_BINARY) -t $(DESTDIR)/$(TARGET_DIR)
+ @sudo chown root:root $(DESTDIR)/$(TARGET_DIR)/$(DAEMON_BINARY)
+ @sudo chmod u+s $(DESTDIR)/$(TARGET_DIR)/$(DAEMON_BINARY)
  @install -Dm 755 ./target/release/$(SERVER_BINARY) -t $(DESTDIR)/$(TARGET_DIR)
- @install -Dm 644 -o root ./$(POLKIT_POLICY_FILE) -t $(DESTDIR)/$(POLKIT_DIR)
-# Ideally, we would have a default config file instead of an empty one
+ # Ideally, we would have a default config file instead of an empty one
  @if [ ! -f $(DESTDIR)/etc/$(DAEMON_BINARY)/$(DAEMON_BINARY)rc ]; then \
  touch ./$(DAEMON_BINARY)rc; \
  install -Dm 644 ./$(DAEMON_BINARY)rc -t $(DESTDIR)/etc/$(DAEMON_BINARY); \
@@ -38,7 +34,6 @@ uninstall:
  @$(RM) -f /usr/share/man/**/swhks.*
  @$(RM) $(TARGET_DIR)/$(SERVER_BINARY)
  @$(RM) $(TARGET_DIR)/$(DAEMON_BINARY)
- @$(RM) $(POLKIT_DIR)/$(POLKIT_POLICY_FILE)
 
 check:
  @cargo fmt
@@ -57,7 +52,6 @@ clean:
  @cargo clean
  @$(RM) -f ./docs/*.gz
  @$(RM) -f $(DAEMON_BINARY)rc
- @$(RM) -f $(POLKIT_POLICY_FILE)
 
 setup:
  @rustup install stable

diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ Xorg or Wayland desktops, and you can even use `swhkd` in a TTY.
 
 ```bash
 swhks &
-pkexec swhkd
+swhkd
 ```
 
 ## Runtime signals
@@ -50,9 +50,7 @@ After opening `swhkd`, you can control the program through signals:
 `swhkd` closely follows `sxhkd` syntax, so most existing `sxhkd` configs should
 be functional with `swhkd`.
 
-The default configuration file is in `/etc/swhkd/swhkdrc`. If you don't like
-having to edit the file as root every single time, you can create a symlink from
-`~/.config/swhkd/swhkdrc` to `/etc/swhkd/swhkdrc`.
+The default configuration file is in `~/.config/swhkd/swhkdrc` with a fallback to `etc/swhkd/swhkdrc`.
 
 If you use Vim, you can get `swhkd` config syntax highlighting with the
 [swhkd-vim](https://github.com/waycrate/swhkd-vim) plugin. Install it in
@@ -75,13 +73,13 @@ All supported key and modifier names are listed in `man 5 swhkd-keys`.
 ## Security
 
 We use a server-client model to keep you safe. The daemon (`swhkd` — privileged
-process) communicates to the server (`swhks` — running as non-root user) after
-checking for valid keybindings. Since the daemon is totally separate from the
-server, no other process can read your keystrokes. As for shell commands, you
-might be thinking that any program can send shell commands to the server and
-that's true! But the server runs the commands as the currently logged-in user,
-so no extra permissions are provided (This is essentially the same as any app on
-your desktop calling shell commands).
+process) is responsible for listening to key events and running shell commands.
+The server (`swhks` — non-privileged process) is responsible for keeping a track of the
+environment variables and sending them to the daemon. The daemon
+uses these environment variables while running the shell commands.
+The daemon only runs shell commands that have been parsed from the config file and there is no way to
+run arbitrary shell commands. The server is responsible for only sending the environment variables to the daemon and nothing else.
+This seperation of responsibilities ensures security.
 
 So yes, you're safe!
 

diff --git a/docs/swhkd.1.scd b/docs/swhkd.1.scd
@@ -6,18 +6,11 @@ swhkd - Hotkey daemon inspired by sxhkd written in Rust
 
 # SYNOPSIS
 
-*pkexec swhkd* [_flags_]
+*swhkd* [_flags_]
 
 # CONFIG FILE
 
-The config file goes in */etc/swhkd/swhkdrc*. Since swhkd is written with a pkexec privilege escalation model in mind, we can't detect
-*$XDG_CONFIG_HOME*.
-
-This can be avoided as such:
- - Using the *include* statement in your config file.
- - Using the *-c* flag to mention a custom config file at runtime.
- - Symlinking the config file from *~/.config/swhkd/swhkdrc* or any other directory of choice to */etc/swhkd/swhkdrc*.
-
+The config file goes in *~/.config/swhkd/swhkdrc* with a fallback to */etc/swhkd/swhkdrc*.
 More about the config file syntax in `swhkd(5)`
 
 # OPTIONS

diff --git a/docs/swhkd.5.scd b/docs/swhkd.5.scd
@@ -6,7 +6,8 @@ swhkd - Hotkey daemon inspired by sxhkd written in Rust
 
 # CONFIG FILE
 
- - A global config can be defined in */etc/swhkd/swhkdrc*. Swhkd attempts to look in your *$XDG_CONFIG_HOME*, failing which it defaults to *~/.config*.
+ - A global config can be defined in *~/.config/swhkd/swhkdrc*, with a
+ fallback to */etc/swhkd/swhkdrc*. Swhkd attempts to look in your *$XDG_CONFIG_HOME*, failing which it defaults to *~/.config*.
  - A local config overrides the global one. Local configs should be placed in the root of the project.
 
 # SYNTAX

diff --git a/docs/swhks.1.scd b/docs/swhks.1.scd
@@ -16,12 +16,6 @@ swhks - Server for swhkd, used to run user level commands over IPC.
 *-V*, *--version*
  Print version information.
 
-*-l*, *--log* <LOG_FILE_PATH>
- Set a log file path.
- If *XDG_DATA_HOME* exists then we use *swhks/swhks-current_time.log* relative to
- it, else we use *.local/share/swhks/swhks-current_time.log* relative to the
- user home directory.
-
 *-d*, *--debug*
  Enable debug mode.