Commit Graph

9 Commits

Author SHA1 Message Date
Connor E
648b0ccd64 Make setuid error clearer. 2019-01-18 13:52:17 +00:00
emersion
0c7932a3af
Move PAM into a child process 2019-01-17 09:53:23 +01:00
emersion
0c1f193083
shadow: fix return in initialize_pw_backend 2019-01-17 09:41:12 +01:00
emersion
3bdf58a455
Make sure we can't restore root after setuid 2019-01-16 22:59:15 +01:00
John Axel Eriksson
f801164b9f
Fix swaylock.h include directive 2019-01-15 16:00:51 +01:00
Brian Ashworth
e3935ad143 Implement logging and remove wlroots dependency
This implements a simpler version of the wlroots logger for swaylock.
With this logger, the dependency on wlroots can be dropped. This also
adds a debug flag and disables debugging output by default
2019-01-14 23:30:54 -05:00
emersion
8191c2147b Replace _XOPEN_SOURCE with _POSIX_C_SOURCE
And make sure we don't define both in the same source file.
2018-11-25 17:19:43 +01:00
Drew DeVault
c7776e7804 Fix swaylock w/shadow on glibc, improve security
Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:

- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow
2018-10-06 12:20:12 -04:00
Drew DeVault
64259db8d6 Add support for building swaylock without PAM
This involves setuid'ing swaylock, which then forks and drops perms on
the parent process. The child process remains root and listens on a pipe
for requests to validate passwords against /etc/shadow.
2018-09-28 13:53:01 +02:00