Revision f2fe3e7...

Go back to digest for 16th March 2014

Features in KDE Base

Alex Fiestas committed changes in [kde-runtime/KDE/4.13] /:

Add support for pam-kwallet in kwalletd

This patch adds support for pam-kwallet
(in my scratch right now, to be released soon).

This is how the new pam works, and why this patch is needed:

In order to open the wallet in a secure way we have to try hard
to not send the hash on an insecure manner
This is how we achieve that:

-pam_kwallet creates a pipe.
-pam_kwallet opens a local socket listening somewhere
(/tmp/foo.socket for example).
-pam_kwallet forks+execv kwallet, passing via arguments
the sockets (pipe and local socket).
-pam_kwallet sends the hash via the pipe.
-kwalletd gets the hash and waits for the environment.
-startkde uses "socat" to send the environment to kwalletd.
-kwalletd setups the environment before any Qt code is executed.
-kwalletd resumes execution.

With this way of executing kwallet we get:
-pam_kwallet knows to who it is sending the hash (its on child).
-hash is never revealed on shared memory (dbus), since pipes
are private to the apps.
-ptrace is usually disabled so only root can see the hash on
the app memory
-no Qt code is executed without the proper environment
(same as startkde)
-if kwalletd is executed normally (not from pam_kwallet) then it is
business as usual.

The patch also comes with integration tests that simulate how
kwalletd is executed in the pam module.

REVIEW: 116555

File Changes

Added 6 files
  • /autotests
  •   kwalletd/CMakeLists.txt
  •   kwalletd/kwalletexecuter.cpp
  •   kwalletd/kwalletexecuter.h
  •   kwalletd/qtest_kwallet.h
  •   kwalletd/testpamopen.cpp
  •   kwalletd/testpamopennofile.cpp
Modified 2 files
  •   kwalletd/CMakeLists.txt
  •   kwalletd/main.cpp
8 files changed in total