Commit 1a01e1eb authored by Fabian Vogt

Avoid dropping privileges by initializing gcrypt secmem

Summary:
It's a documented side effect that initialization of secure memory in gcrypt
drops privileges if getuid() != geteuid(). This results in breaking setuid
callers, like sudo or su.

Test Plan: Can use sudo again when pam_kwallet is involved.

Reviewers: #plasma

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D7124
parent f3b230f7
......@@ -722,12 +722,18 @@ int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key)
gcry_error_t error;
/* We cannot call GCRYCTL_INIT_SECMEM as it drops privileges if getuid() != geteuid().
* PAM modules are in many cases executed through setuid binaries, which this call
* would break.
* It was never effective anyway as neither key nor passphrase are in secure memory,
* which is a prerequisite for secure operation...
error = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);
if (error != 0) {
free(salt);
syslog(LOG_ERR, "%s-kwalletd: Can't get secure memory: %d", logPrefix, error);
return 1;
}
*/
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
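Review bot: With GCRYCTL_INIT_SECMEM commented out, nothing tells libgcrypt that secure memory will not be used before `gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);` is reached. Since the new comment states that neither key nor passphrase are in secure memory, consider adding `gcry_control(GCRYCTL_DISABLE_SECMEM, 0);` ahead of the INITIALIZATION_FINISHED call; that is what the libgcrypt initialisation documentation recommends for applications that do not use secure memory, and it makes sure a later implicit secure-memory allocation cannot re-enter the setuid-dropping path this change is trying to avoid. Separately, the old call and its error handling (from `error = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);` through `return 1;`) are left inside the comment rather than deleted; the explanatory comment alone is enough, history keeps the old code, and removing the dead block also lets the `gcry_error_t error;` declaration go if nothing else in the function uses it.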