----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/116555/#review52854 -----------------------------------------------------------
This review has been submitted with commit f2fe3e75b4ba12d0f99aa09327059a1865891b14 by Àlex Fiestas to branch KDE/4.13. - Commit Hook On March 2, 2014, 11:33 p.m., Àlex Fiestas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/116555/ > ----------------------------------------------------------- > > (Updated March 2, 2014, 11:33 p.m.) > > > Review request for KDE Runtime, Release Team and Valentin Rusu. > > > Repository: kde-runtime > > > Description > ------- > > This patch adds support for pam-kwallet (in my scratch right now, to be > released soon). > > This is how the new pam works, and why this patch is needed: > > In order to open the wallet in a secure way we have to try hard to not send > the hash on an > insecure manner. This is how we achieve that: > > -pam_kwallet creates a pipe. > -pam_kwallet opens a local socket listening somewhere (/tmp/foo.socket for > example). > -pam_kwallet forks+execv kwallet, passing via arguments the sockets (pipe and > local socket). > -pam_kwallet sends the hash via the pipe. > -kwalletd gets the hash and waits for the environment. > -startkde uses "socat" to send the environment to kwalletd. > -kwalletd setups the environment before any Qt code is executed. > -kwalletd resumes execution. > > With this way of executing kwallet we get: > -pam_kwallet knows to who it is sending the hash (its on child). > -hash is never revealed on shared memory (dbus), since pipes are private to > the apps. > -ptrace is usually disabled so only root can see the hash on the app memory > -no Qt code is executed without the proper environment (same as startkde) > -if kwalletd is executed normally (not from pam_kwallet) then it is business > as usual. > > The patch also comes with integration tests that simulate how kwalletd is > executed in the pam module. > > For the release team, I would love to add this to 4.13, after all it is > innocuous if kwalletd is not executed via pam_module. > > > Diffs > ----- > > kwalletd/CMakeLists.txt e9aef16 > kwalletd/autotests/CMakeLists.txt PRE-CREATION > kwalletd/autotests/kdewallet.kwl PRE-CREATION > kwalletd/autotests/kwalletexecuter.h PRE-CREATION > kwalletd/autotests/kwalletexecuter.cpp PRE-CREATION > kwalletd/autotests/qtest_kwallet.h PRE-CREATION > kwalletd/autotests/testpamopen.cpp PRE-CREATION > kwalletd/autotests/testpamopennofile.cpp PRE-CREATION > kwalletd/main.cpp f9af414 > > Diff: https://git.reviewboard.kde.org/r/116555/diff/ > > > Testing > ------- > > > Thanks, > > Àlex Fiestas > >