Skip to content

Reject root-only uinput setup readiness #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
OneNoted merged 4 commits into from
Apr 15, 2026
Merged

Reject root-only uinput setup readiness #16

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ffcb2ba
fix: reject root-only uinput setup readiness
OneNoted Apr 15, 2026
242dd2c
docs: ship README-linked docs in release artifacts
OneNoted Apr 15, 2026
278ae2b
fix: fail root setup before side effects
OneNoted Apr 15, 2026
30cbe9b
test: stabilize wl-copy non-zero exit coverage
OneNoted Apr 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ include = [
"Cargo.toml",
"Cargo.lock",
"README.md",
"docs/install.md",
"docs/cli.md",
"docs/troubleshooting.md",
"LICENSE",
"NOTICE",
"config.example.toml",
Expand Down
7 changes: 7 additions & 0 deletions scripts/build-release-bundle.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ mkdir -p \
"$stage_dir/$bundle_name/share/bash-completion/completions" \
"$stage_dir/$bundle_name/share/zsh/site-functions" \
"$stage_dir/$bundle_name/share/fish/vendor_completions.d" \
"$stage_dir/$bundle_name/share/doc/whispers/docs" \
"$stage_dir/$bundle_name/share/doc/whispers" \
"$stage_dir/$bundle_name/share/licenses/whispers"

Expand All @@ -65,6 +66,12 @@ install -Dm755 "${target_dir}/whispers-rewrite-worker" \

install -Dm644 README.md \
"$stage_dir/$bundle_name/share/doc/whispers/README.md"
install -Dm644 docs/install.md \
"$stage_dir/$bundle_name/share/doc/whispers/docs/install.md"
install -Dm644 docs/cli.md \
"$stage_dir/$bundle_name/share/doc/whispers/docs/cli.md"
install -Dm644 docs/troubleshooting.md \
"$stage_dir/$bundle_name/share/doc/whispers/docs/troubleshooting.md"
install -Dm644 config.example.toml \
"$stage_dir/$bundle_name/share/doc/whispers/config.example.toml"
install -Dm644 LICENSE \
Expand Down
2 changes: 1 addition & 1 deletion src/inject/tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ fn run_wl_copy_reports_spawn_failure() {
fn run_wl_copy_reports_non_zero_exit() {
let err = clipboard::run_wl_copy(
"/bin/sh",
&[String::from("-c"), String::from("exit 7")],
&[String::from("-c"), String::from("cat >/dev/null; exit 7")],
"hello",
)
.expect_err("non-zero exit should fail");
Expand Down
6 changes: 6 additions & 0 deletions src/setup.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,13 @@ impl CloudSetup {
}
}

fn validate_setup_invoker(uid: libc::uid_t) -> Result<()> {
side_effects::validate_setup_user(uid)
}

pub async fn run_setup(config_path_override: Option<&Path>) -> Result<()> {
validate_setup_invoker(unsafe { libc::geteuid() })?;

let ui = SetupUi::new();
ui.print_header("whispers setup");
ui.blank();
Expand Down
17 changes: 12 additions & 5 deletions src/setup/side_effects.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,7 @@ pub(super) fn maybe_prewarm_experimental_nemo(
}

pub(super) fn maybe_setup_injection_access(ui: &SetupUi) -> Result<InjectionSetupOutcome> {
validate_setup_user(unsafe { libc::geteuid() })?;
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reject root before mutating setup state

maybe_setup_injection_access now errors for uid == 0, but this function is invoked late in run_setup (after config writes and other side effects), so running whispers setup as root can still modify files and then fail at this check. In that scenario users end up with a partially applied, root-owned setup while the command reports failure; the root validation should happen at the start of setup so no state is changed before returning the error.

Useful? React with 👍 / 👎.

let readiness = crate::inject::InjectionReadinessReport::collect();
if readiness.is_ready() || !readiness.has_uinput_issue() {
return Ok(InjectionSetupOutcome::default());
Expand Down Expand Up @@ -339,11 +340,7 @@ fn current_user_in_group(username: &str, group: &str) -> Result<bool> {

fn current_username() -> Result<String> {
let uid = unsafe { libc::geteuid() };
if uid == 0 {
return Err(crate::error::WhsprError::Config(
"run `whispers setup` as your normal user, not as root".into(),
));
}
validate_setup_user(uid)?;

current_username_for_uid_with(uid, |uid, passwd, buffer, result| unsafe {
libc::getpwuid_r(
Expand All @@ -356,6 +353,16 @@ fn current_username() -> Result<String> {
})
}

pub(super) fn validate_setup_user(uid: libc::uid_t) -> Result<()> {
if uid == 0 {
return Err(crate::error::WhsprError::Config(
"run `whispers setup` as your normal user, not as root".into(),
));
}

Ok(())
}

pub(super) fn current_username_for_uid_with<F>(uid: libc::uid_t, mut lookup: F) -> Result<String>
where
F: FnMut(libc::uid_t, *mut libc::passwd, &mut Vec<u8>, *mut *mut libc::passwd) -> libc::c_int,
Expand Down
22 changes: 22 additions & 0 deletions src/setup/tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,28 @@ fn group_membership_failures_become_warnings_without_marking_success() {
assert!(warning.contains("group add failed"));
}

#[test]
fn setup_rejects_root_before_uinput_readiness_short_circuit() {
let err = side_effects::validate_setup_user(0).expect_err("root should be rejected");
match err {
WhsprError::Config(message) => {
assert!(message.contains("run `whispers setup` as your normal user, not as root"));
}
other => panic!("unexpected error variant: {other:?}"),
}
}

#[test]
fn setup_rejects_root_before_any_setup_side_effects() {
let err = super::validate_setup_invoker(0).expect_err("root should be rejected up front");
match err {
WhsprError::Config(message) => {
assert!(message.contains("run `whispers setup` as your normal user, not as root"));
}
other => panic!("unexpected error variant: {other:?}"),
}
}

#[test]
fn group_membership_success_marks_logout_as_needed() {
let mut outcome = side_effects::InjectionSetupOutcome::default();
Expand Down