Review Request 116555: Add support for pam-kwallet in kwalletd

Àlex Fiestas afiestas at kde.org
Thu Mar 6 21:10:42 UTC 2014



> On March 6, 2014, 7:52 p.m., Albert Astals Cid wrote:
> > kwalletd/main.cpp, line 100
> > <https://git.reviewboard.kde.org/r/116555/diff/2/?file=251596#file251596line100>
> >
> >     Make this function static like the other ones?

You are right, I will fix it tomorrow morning.


- Àlex


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/116555/#review52293
-----------------------------------------------------------


On March 2, 2014, 11:33 p.m., Àlex Fiestas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/116555/
> -----------------------------------------------------------
> 
> (Updated March 2, 2014, 11:33 p.m.)
> 
> 
> Review request for KDE Runtime, Release Team and Valentin Rusu.
> 
> 
> Repository: kde-runtime
> 
> 
> Description
> -------
> 
> This patch adds support for pam-kwallet (in my scratch right now, to be released soon).
> 
> This is how the new pam works, and why this patch is needed:
> 
> In order to open the wallet in a secure way we have to try hard to not send the hash on an 
> insecure manner. This is how we achieve that:
> 
> -pam_kwallet creates a pipe.
> -pam_kwallet opens a local socket listening somewhere (/tmp/foo.socket for example).
> -pam_kwallet forks+execv kwallet, passing via arguments the sockets (pipe and local socket).
> -pam_kwallet sends the hash via the pipe.
> -kwalletd gets the hash and waits for the environment.
> -startkde uses "socat" to send the environment to kwalletd.
> -kwalletd setups the environment before any Qt code is executed.
> -kwalletd resumes execution.
> 
> With this way of executing kwallet we get:
> -pam_kwallet knows to who it is sending the hash (its on child).
> -hash is never revealed on shared memory (dbus), since pipes are private to the apps.
> -ptrace is usually disabled so only root can see the hash on the app memory
> -no Qt code is executed without the proper environment (same as startkde)
> -if kwalletd is executed normally (not from pam_kwallet) then it is business as usual.
> 
> The patch also comes with integration tests that simulate how kwalletd is executed in the pam module.
> 
> For the release team, I would love to add this to 4.13, after all it is innocuous if kwalletd is not executed via pam_module.
> 
> 
> Diffs
> -----
> 
>   kwalletd/CMakeLists.txt e9aef16 
>   kwalletd/autotests/CMakeLists.txt PRE-CREATION 
>   kwalletd/autotests/kdewallet.kwl PRE-CREATION 
>   kwalletd/autotests/kwalletexecuter.h PRE-CREATION 
>   kwalletd/autotests/kwalletexecuter.cpp PRE-CREATION 
>   kwalletd/autotests/qtest_kwallet.h PRE-CREATION 
>   kwalletd/autotests/testpamopen.cpp PRE-CREATION 
>   kwalletd/autotests/testpamopennofile.cpp PRE-CREATION 
>   kwalletd/main.cpp f9af414 
> 
> Diff: https://git.reviewboard.kde.org/r/116555/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Àlex Fiestas
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/release-team/attachments/20140306/cd4e0d43/attachment.html>


More information about the release-team mailing list