Differential D7124

Avoid dropping privileges by initializing gcrypt secmem
ClosedPublic
Actions

Authored by fvogt on Aug 4 2017, 9:45 AM.

Details

Reviewers
mart
Group Reviewers
Plasma
Commits
R107:1a01e1eb870e: Avoid dropping privileges by initializing gcrypt secmem
Summary

It's a documented side effect that initialization of secure memory in gcrypt
drops privileges if getuid() != geteuid(). This results in breaking setuid
callers, like sudo or su.

Test Plan

Can use sudo again when pam_kwallet is involved.

Diff Detail

Repository
R107 KWallet PAM Integration
Branch
patch3
Lint
No Linters Available
Unit
No Unit Test Coverage
fvogt created this revision.Aug 4 2017, 9:45 AM
Restricted Application added a project: Plasma. · View Herald TranscriptAug 4 2017, 9:45 AM
mart accepted this revision.Aug 22 2017, 8:19 AM
This revision is now accepted and ready to land.Aug 22 2017, 8:19 AM

Revision Contents
Changeset List

PathPackages
Mpam_kwallet.c (7 lines)

Diff 17697

View Options

pam_kwallet.c

Loading...