D7124: Avoid dropping privileges by initializing gcrypt secmem
Fabian Vogt
noreply at phabricator.kde.org
Fri Aug 4 09:45:41 UTC 2017
fvogt created this revision.
Restricted Application added a project: Plasma.
REVISION SUMMARY
It's a documented side effect that initialization of secure memory in gcrypt
drops privileges if getuid() != geteuid(). This results in breaking setuid
callers, like sudo or su.
TEST PLAN
Can use sudo again when pam_kwallet is involved.
REPOSITORY
R107 KWallet PAM Integration
BRANCH
patch3
REVISION DETAIL
https://phabricator.kde.org/D7124
AFFECTED FILES
pam_kwallet.c
To: fvogt, #plasma
Cc: plasma-devel, ZrenBot, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart, lukas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20170804/2548392f/attachment.html>
More information about the Plasma-devel
mailing list