D4997: Support for long running kcheckpass supporting multiple authentications

Fri May 12 19:36:22 BST 2017

Hi

We could probably do something with kqueue/EVFILT_SIGNAL:
    https://www.freebsd.org/cgi/man.cgi?query=kqueue&sektion=2

     EVFILT_SIGNAL Takes the signal number to monitor as the identifier
                                  and returns when the given signal is
delivered to the
                                 process.  This coexists with the signal() and
                                 sigaction() facilities, and has a
lower precedence.
                                 The filter will record all attempts
to deliver a sig-
                                 nal to a process, even if the signal
has been marked
                                 as SIG_IGN, except for the SIGCHLD
signal, which, if
                                 ignored, won't be recorded by the
filter.  Event
                                 notification happens after normal
signal delivery
                                 processing.  data returns the number
of times the
                                 signal has occurred since the last
call to kevent().
                                 This filter automatically sets the
EV_CLEAR flag
                                 internally.


-- kqueue should be supported on all other *BSD and OSX too.


mfg Tobias

On 12 May 2017 at 15:55, Martin Flöser <mgraesslin at kde.org> wrote:
> Am 2017-05-12 09:18, schrieb Tobias C. Berner:
>>
>> Hi there
>>
>> I think this review introduced some Linux-only features: signalfd() is
>> only present on Linux.
>> So this breaks kcheckpass on FreeBSD (and probably everything non-Linux
>> too).
>>
>> Would it be possible to have the long-running auth stuff hidden behind a
>>   check_include_file("sys/signalfd.h" HAVE_SIGNALFD_H)
>> check?
>
>
> Just confirming what David already wrote. The code is built around signalfd
> and without it kcheckpass is broken. Also in the non-long running kcheckpass
> case signalfd is used.
>
> At the moment I do not see a solution. Sorry for creating the problem, I did
> not expect that this is linux specific.
>
> As we are in feature freeze and this is security relevant code I don't
> really have an idea to move forward. Especially as it's pointless to have
> any linux dev work on this as we might just break it again. We are in low
> level c code in kcheckpass which is totally ugly and all designed for the
> case of running as setuid root.
>
> Cheers
> Martin
>
>
>>
>>
>> mfg Tobias
>>
>> On 19 April 2017 at 17:44, Martin Gräßlin <noreply at phabricator.kde.org>
>> wrote:
>>>
>>> This revision was automatically updated to reflect the committed changes.
>>> Closed by commit R133:07d38ba65adc: Support for long running kcheckpass
>>> supporting multiple authentications (authored by graesslin). View
>>> Revision
>>>
>>> REPOSITORY
>>> R133 KScreenLocker
>>>
>>> CHANGES SINCE LAST UPDATE
>>> https://phabricator.kde.org/D4997?vs=13188&id=13603
>>>
>>> REVISION DETAIL
>>> https://phabricator.kde.org/D4997
>>>
>>> AFFECTED FILES
>>> greeter/authenticator.cpp
>>> greeter/authenticator.h
>>> greeter/autotests/authenticatortest.cpp
>>> greeter/greeterapp.cpp
>>> kcheckpass/kcheckpass-enums.h
>>> kcheckpass/kcheckpass.c
>>> tests/kcheckpass_test.cpp
>>>
>>> To: graesslin, Plasma
>>> Cc: subdiff, plasma-devel, spstarr, progwolff, lesliezhai, ali-mohamed,
>>> jensreuterberg, abetts, sebas, apol