<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://git.reviewboard.kde.org/r/116555/">https://git.reviewboard.kde.org/r/116555/</a>
</td>
</tr>
</table>
<br />
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('https://git.reviewboard.kde.org/static/rb/images/review_request_box_top_bg.ab6f3b1072c9.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for KDE Runtime, Release Team and Valentin Rusu.</div>
<div>By Àlex Fiestas.</div>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt;">Repository: </b>
kde-runtime
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">This patch adds support for pam-kwallet (in my scratch right now, to be released soon).
This is how the new pam works, and why this patch is needed:
In order to open the wallet in a secure way we have to try hard to not send the hash on an
insecure manner. This is how we achieve that:
-pam_kwallet creates a pipe.
-pam_kwallet opens a local socket listening somewhere (/tmp/foo.socket for example).
-pam_kwallet forks+execv kwallet, passing via arguments the sockets (pipe and local socket).
-pam_kwallet sends the hash via the pipe.
-kwalletd gets the hash and waits for the environment.
-startkde uses "socat" to send the environment to kwalletd.
-kwalletd setups the environment before any Qt code is executed.
-kwalletd resumes execution.
With this way of executing kwallet we get:
-pam_kwallet knows to who it is sending the hash (its on child).
-hash is never revealed on shared memory (dbus), since pipes are private to the apps.
-ptrace is usually disabled so only root can see the hash on the app memory
-no Qt code is executed without the proper environment (same as startkde)
-if kwalletd is executed normally (not from pam_kwallet) then it is business as usual.
The patch also comes with integration tests that simulate how kwalletd is executed in the pam module.
For the release team, I would love to add this to 4.13, after all it is innocuous if kwalletd is not executed via pam_module.</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>kwalletd/CMakeLists.txt <span style="color: grey">(e9aef16)</span></li>
<li>kwalletd/autotests/CMakeLists.txt <span style="color: grey">(PRE-CREATION)</span></li>
<li>kwalletd/autotests/kdewallet.kwl <span style="color: grey">(PRE-CREATION)</span></li>
<li>kwalletd/autotests/kwalletexecuter.h <span style="color: grey">(PRE-CREATION)</span></li>
<li>kwalletd/autotests/kwalletexecuter.cpp <span style="color: grey">(PRE-CREATION)</span></li>
<li>kwalletd/autotests/qtest_kwallet.h <span style="color: grey">(PRE-CREATION)</span></li>
<li>kwalletd/autotests/testpamopen.cpp <span style="color: grey">(PRE-CREATION)</span></li>
<li>kwalletd/autotests/testpamopennofile.cpp <span style="color: grey">(PRE-CREATION)</span></li>
<li>kwalletd/main.cpp <span style="color: grey">(f9af414)</span></li>
</ul>
<p><a href="https://git.reviewboard.kde.org/r/116555/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>