Review request for KDE Runtime, Release Team and Valentin Rusu.
By Àlex Fiestas.
Updated March 13, 2014, 12:33 a.m.
Repository:
kde-runtime
Description
This patch adds support for pam-kwallet (in my scratch right now, to be released soon).
This is how the new pam works, and why this patch is needed:
In order to open the wallet in a secure way we have to try hard to not send the hash on an
insecure manner. This is how we achieve that:
-pam_kwallet creates a pipe.
-pam_kwallet opens a local socket listening somewhere (/tmp/foo.socket for example).
-pam_kwallet forks+execv kwallet, passing via arguments the sockets (pipe and local socket).
-pam_kwallet sends the hash via the pipe.
-kwalletd gets the hash and waits for the environment.
-startkde uses "socat" to send the environment to kwalletd.
-kwalletd setups the environment before any Qt code is executed.
-kwalletd resumes execution.
With this way of executing kwallet we get:
-pam_kwallet knows to who it is sending the hash (its on child).
-hash is never revealed on shared memory (dbus), since pipes are private to the apps.
-ptrace is usually disabled so only root can see the hash on the app memory
-no Qt code is executed without the proper environment (same as startkde)
-if kwalletd is executed normally (not from pam_kwallet) then it is business as usual.
The patch also comes with integration tests that simulate how kwalletd is executed in the pam module.
For the release team, I would love to add this to 4.13, after all it is innocuous if kwalletd is not executed via pam_module.
|
Diffs
- kwalletd/CMakeLists.txt (e9aef16)
- kwalletd/autotests/CMakeLists.txt (PRE-CREATION)
- kwalletd/autotests/kdewallet.kwl (PRE-CREATION)
- kwalletd/autotests/kwalletexecuter.h (PRE-CREATION)
- kwalletd/autotests/kwalletexecuter.cpp (PRE-CREATION)
- kwalletd/autotests/qtest_kwallet.h (PRE-CREATION)
- kwalletd/autotests/testpamopen.cpp (PRE-CREATION)
- kwalletd/autotests/testpamopennofile.cpp (PRE-CREATION)
- kwalletd/main.cpp (f9af414)
View Diff
|