Pr

Makefile

@@ -21,8 +21,14 @@ $(OBJ):
 install: all
 	mkdir -p $(PREFIX)/bin
 	cp -f $(NAME) $(PREFIX)/bin
-	chmod 755 ${DESTDIR}${PREFIX}/bin/$(NAME)
+	sudo chown root:root ${DESTDIR}${PREFIX}/bin/$(NAME)
+	sudo chmod u+s ${DESTDIR}${PREFIX}/bin/$(NAME)
 
 .PHONY: clean
 clean:
 	rm -f -- $(NAME) $(OBJ)
+
+with-minilib:
+	make -f minilib.conf
+
+

README.md

@@ -1,3 +1,45 @@
 # sxinit
 
-`sxinit` starts `Xserver` and `~/.xinitrc` script. All `sxinit` arguments are passed to `Xserver` as is.
+
+`sxinit` starts `Xserver` and `~/.xinitrc` script. 
+
+~~All `sxinit` arguments are passed to `Xserver` as is.~~
+
+
+----
+
+(misc)
+
+	 The full path and arguments to Xorg are hardcoded to prevent users 
+	 of placing another binary into the search path,
+	 which would be executed with admin rights.
+	 For the same reason, it shouldn't be possible to submit 
+	 arbitrary arguments to xorg for users,
+	 nor should Xorg itself be suid or executable by users.
+
+	 The xserver is a quite complex executable, so it is definitely more secure 
+	 having a small static binary like sxinit being suid,
+	 which can be checked for security flaws,
+	 than having the xserver suid with known vulnerabilities.
+
+	 All arguments submitted to sxinit are submitted to the script xinitrc,
+	 which is parsed and executed by /bin/sh.
+
+	 The suid rights of sxinit are droppped, as soon the xserver runs.
+
+	 When there's no /home/user/.xinitrc file present,
+	 the default /etc/X11/xinitrc script is executed.
+
+	 'minilib.conf' is a configuration file to (optionally) download Makefile.minilib 
+	 and minilib.h from github, and compile sxinit statically linked with minilib 
+	 (github.com/michael105/minilib) to ~3.5kB.
+    'make -f minilib.conf'
+
+	 There is the possibility (and IMHO advantage) of being able to see
+	 the complete sources, including all used parts of minilib,
+	 with 'SHOWSOURCE=1 make -f minilib.conf'
+	 When skipping through the (mostly unused) type definitions and praedeclarations,
+	 this gets down to around 500 locs.
+
+
+

minilib.conf

@@ -0,0 +1,131 @@
+#mlconfig
+ifdef undef
+#
+# type 'make -f minilib.conf'
+# to use this combined config and makefile generated by mini-gcc,
+# compile and download when needed (ca.100kB) with minilib.
+# (https://github.com/michael105/minilib)
+#
+# Alternatively, when the script mini-gcc with the embedded minilib is already present,
+# 'mini-gcc --config minilib.conf' 
+# compiles without fetching minilib again.
+#
+# 
+# Minilib and the accompanying tools are licensed under a 
+# BSD-style opensource license with attribution.
+# I did my best and I'm using minilib myself,
+# but cannot give any guarantees for any functionality
+# of the opensourced library or the accompanying tools.
+#
+# (Disclaimer)
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL Michael Myer BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# The full license is available at the webpage of minilib.
+# https://github.com/michael105/minilib
+# Michael (misc) Myer, 2021
+#
+
+
+# Save default. The minibuf is needed for malloc, printf, and file streams.
+#mini_buf 1024
+
+# define headerguards, to prevent parsing the standard header
+HEADERGUARDS
+
+# Startup function
+mini_start
+
+# put the globals on stack.
+# reserves a fixed register as pointer to the globals
+# globals_on_stack
+
+# define var (#define var arg)
+# DEFINE var arg
+
+# optimization Flag. Os,O1,O2 might be save. O3 is known to cause sometimes trouble
+OPTFLAG -Os
+
+# (with debug info)
+#OPTFLAG -g -O0
+
+# stripflag ( defaults to -s)
+#STRIPFLAG
+
+# Build minilib source
+INCLUDESRC
+
+# the ldscript to use
+# Can be one of: default, onlytext, textandbss
+LDSCRIPT default
+
+# Shrink the compiled binary with shrinkelf
+#SHRINKELF
+
+# generate debug info (-O0 -g). Overwrites OPTFLAG, STRIPFLAG and SHRINKELF
+#DEBUG
+
+# list of source files, supplied to gcc
+SOURCES sxinit.c
+
+# the binary to be compiled ( -o $BINARY )
+BINARY sxinit
+
+# function switches. Only functions named below will be compiled
+
+COMPILE chdir close exit fork fputc fputs getenv kill pipe read sigaction 
+COMPILE sigaddset sigemptyset sigprocmask strlen stpcpy strcpy strncmp 
+COMPILE waitpid environ execve setreuid getuid sigsuspend putenv puts 
+COMPILE strerror errno raise
+
+return
+endif
+# configuration part ends, 
+# embedded makefile starts below
+
+
+VERSION := "20210629"
+urlbase := "https://raw.githubusercontent.com/michael105/minilib/download"
+
+fetch = $(shell ((curl $(urlbase)/$(VERSION)/$(1).gz > $(1).gz) || (wget $(urlbase)/$(1).gz)) && gunzip $(1).gz)
+
+
+default: Makefile.minilib minilib.h check compile
+
+
+compile:
+	$(info Compile)
+	make -f Makefile.minilib CONF="$(lastword $(MAKEFILE_LIST))"
+
+
+Makefile.minilib:
+	$(info "Download Makefile.minilib (Version $(VERSION))from github")
+	$(call fetch,Makefile.minilib)
+
+
+minilib.h:
+	$(info "Download minilib.h (Version $(VERSION))from github")
+	$(call fetch,minilib.h)
+
+
+.ONESHELL:
+check:
+	@echo "Checking sha256 sums"
+	echo -e "$(SHA256SUMS)" | sha256sum -c || exit
+	echo ok 
+
+
+# checksums 
+define SHA256SUMS =
+e7871196b083f725cfe6d8c4a3f84d4ad1e3c246495ad9c7e870e24f22b5b37c  minilib.h
+a0f1cc92cc34fd55a500213069fcef2eda96006a71ef950c2a2744bd8fba6149  Makefile.minilib
+endef
+