Comments (6)
xscreensaver solves the latter problem by being setuid root (same as chmod +s .../auth_pam_x11). Sure works, but absolutely not recommended, as a bug in auth_pam_x11 then could be used to take over the system.
from xsecurelock.
Build fix: 7f12231#diff-c2c3081275569a523f7b887c77722c5b
Warning fix: 7b8f363
What remains is unfortunately a larger thing - seems like the one way forward is to move the PAM conversation from auth_pam_x11 into a separate binary. That one then can be made setuid root.
from xsecurelock.
slock, xtrlock, metalock also all are setuid root on FreeBSD.
Still, not gonna do that for a screen locker that claims to be secure. auth_pam_x11 does quite a lot nowadays (even keyboard layout switching), could totally imagine that a bug inside libxkb would be exploitable.
Now the good news is, the separate PAM auth process might be a good idea on Linux too, so we could be sure to exercise this to-be-created interface everywhere. That way we're sure to notice possible bugs, and don't need two interfaces inside auth_pam_x11.
from xsecurelock.
Looks like on OpenBSD, setgid auth would be a somewhat better option; unfortunately /etc/spwd.db is root:wheel 600 on FreeBSD, so that's not an option here.
from xsecurelock.
Confirmed that the upcoming commit will fix the issue on FreeBSD (one will still have to manually chmod +s authproto_pam).
from xsecurelock.
Current version of the authproto branch now works also on OpenBSD, provided one installs the openpam port.
Installation notes have been updated in 2789d16 to cover FreeBSD and OpenBSD specifics.
from xsecurelock.