SystemServer: Applications that connect to services may not be able to run as root

[ne0ndrag0n]

This is reproducible if you run TextEditor as root, either via pls, Escalator, or plain old su. I recommend from su as the others appear to cause an incidental error related to /etc/passwd in the console.

Select the Open option from the toolbar. The application will immediately crash with these errors reported:

Shell: Job 1 (TextEditor) Broken pipe

15.761 SystemServer(48:48): Failed to drop privileges (GID=0, UID=0)
15.764 [#0 TextEditor(47:47)]: Terminating TextEditor(47) due to signal 13

If you make a small change to SystemServer/Service.cpp to report the service name and user id at the time the crash happens:

        if (m_account.has_value() && m_account.value().uid() != getuid()) {
            auto& account = m_account.value();
            dbgln("i am service {} and currently uid {}", name(), getuid());
             ...

You will get this:

96.073 SystemServer(47:47): i am service FileSystemAccessServer and currently uid 100

There is no service definition for FileSystemAccessServer in /etc/SystemServer.ini, but there is one in anon's local SystemServer.ini. Which hints to me that when this service is spawning, it is resolving the socket path with the sid associated with anon. Because User is not defined, SystemServer is trying to elevate from anon to root, which will not work as that's a security issue (setuid cannot set to any other user when non-superuser).

Finally, following a discussion in Discord #development the remedy may not be as simple as changing the resolution of the socket path or changing the session id on su because of the way WindowServer operates. So not sure yet what the fix should be, but that's something to watch out for.