Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org> [2022-06-24 18:21:26+0200]:
> If I launch sway from a tty, if either sway or swaylock[2] crashes, and
> the computer is left unattended (for a short moment), it would
> then leave a shell open for potential attackers.

Don’t know about display managers, but I have been using `exec sway`
(previously `exec startx`) to avoid exposing a shell if sway crashes.

> [2] To launch swaylock I simply copied swaylock to ./ and I used chmod
>    and chown to set ./swaylock setuid root, and then it would work fine.

I add swaylock to setuid-programs in config.scm, which seems to work OK:

    (setuid-programs
     (cons*
      (setuid-program (program (file-append swaylock "/bin/swaylock")))
      %setuid-programs))
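
The effect of `exec` described in the reply above, as an added example that is not part of the original thread: a constructed stand-in process that kills itself plays the role of a crashing sway, and `SHELL_EXPOSED` marks the point where the tty prompt would come back. The function and variable names are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for a compositor that crashes: the process kills
# itself, so it dies abnormally the way a segfaulting sway would.
crashing_compositor='kill -KILL $$'

# Simulate a tty login shell that starts the compositor.
#   $1 = ""     -> compositor runs as a child of the shell
#   $1 = "exec" -> the shell replaces itself with the compositor
# Returns 0 if the shell survived the crash and went on to its next
# command (an attacker at the console would get a prompt), 1 otherwise.
shell_exposed_after_crash() {
    out=$(sh -c "$1 sh -c '$crashing_compositor'; echo SHELL_EXPOSED" \
          2>/dev/null) || true
    [ "$out" = "SHELL_EXPOSED" ]
}

for prefix in "" exec; do
    if shell_exposed_after_crash "$prefix"; then
        result="shell still running after crash"
    else
        result="session ended with the compositor"
    fi
    printf '%-5s -> %s\n' "${prefix:-plain}" "$result"
done
```

With `exec`, no shell process remains behind the compositor, so when it dies the session ends and the tty returns to the login prompt.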
