Hmm, I suppose that's currently lacking, although libseat/seatd is also 
simply built with meson:

    meson build --prefix=/usr --buildtype=release
    ninja -C build
    sudo ninja -C build install

0.5.0, which is a little over half a year old, is in a few Debian repos 
it seems (https://repology.org/project/seatd/versions). Seems to be 
pulled in from Devuan. Maybe poke the maintainer?

Applied, thanks!

Applied, thanks!

sd_bus_call drains received messages into the receive queue, and peeks
for its own return value. It does not dispatch the receive queue.

As the socket is drained, the caller will not wake from a poll and have
no reason to dispatch libseat. This has gone unnoticed largely due to
logind sending an event for every device, making it unlikely that no
unread message will be left on the socket.

Like we have done for seatd, we fix this by sending a "ping" request to
logind if anything is left in our receive queue as reported by
sd_bus_get_events. The response to this will wake us up and ensure that
dispatch is called.
---
 libseat/backend/logind.c | 47 +++++++++++++++++++++++++++++++++++++++-
[message trimmed]

When device open or close messages are sent to seatd, libseat must read
messages from the socket until it sees the associated response message.
This means that it may drain enable/disable seat events from the socket,
queueing them internally for deferred processing.

As the socket is drained, the caller will not wake from a poll and have
no reason to dispatch libseat. To ensure that these messages would not
be left in the queue, 6fa82930d0c5660eea3102989c765dc864514e36 made it
so that open/close calls would execute all queued events just before
returning.

Unfortunately, this had the side-effect of having events fire from the
stack of libseat_open_device or libseat_close_device, which we now see
cause problems in compositors. Specifically, an issue has been observed
[message trimmed]

Both seatd and logind backends need to handle the scenario where a
socket has been drained into an internal queue while waiting for a
return value for a method call.

This issue previously went unnoticed for logind, while seatd had a fix
where events would execute from open/close device methods before
returning. As seen in https://github.com/swaywm/wlroots/issues/3200,
this leads to issues.

Instead, send ping requests and let the pong be responsible for waking
us up later. This fits within our API that only exposes a single fd,
without having to get into the complexity of epoll/kqueue.

seatd-launch: privilege escalation with SUID
============================================

This security advisory describes a vulnerability in seatd-launch 
shipped as part of seatd release 0.6.0 and 0.6.1. The vulnerability was 
fixed in seatd release 0.6.2.

VULNERABILITY
-------------

seatd-launch used execlp, which reads the PATH environment variable to 
search for the requested executable, to execute seatd. This meant that 
the caller could freely control what executable was loaded by adding a 
user-writable directory to PATH.

Announcing the release of seatd 0.6.2.

https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.2

---

seatd 0.6.2

This relase contains a security fix for a vulnerability in the
seatd-launch executable.

A user could manipulate the PATH environment variable to cause
seatd-launch to load a different executable than seatd. If seatd-launch
had the SUID bit set and was owned by a privileged user, this could be

Announcing the release of seatd 0.6.1.

https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.1

---

seatd 0.6.1

This bugfix release addresses usability issues with seatd-launch.

Jan Beich (1):
      seatd-launch: respect PATH when looking for command

Kenny Levinsen (4):

Applied, thanks!