diff options
| author |  Drew DeVault <sir@cmpwn.com> | 2018-10-06 12:17:36 -0400 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2018-10-06 12:20:12 -0400 |
| commit | c89e00a97e6bb04c6b4b5c906befdb4767540dbe (patch) | |
| tree | a4ccf0cb0afafc0c8db6cbded85a3b156945b12b /swaylock/meson.build | |
| parent | Update CONTRIBUTING.md (diff) | |
| download | sway-c89e00a97e6bb04c6b4b5c906befdb4767540dbe.tar.gz sway-c89e00a97e6bb04c6b4b5c906befdb4767540dbe.tar.zst sway-c89e00a97e6bb04c6b4b5c906befdb4767540dbe.zip | |
Fix swaylock w/shadow on glibc, improve security
Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:
- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow
Diffstat (limited to 'swaylock/meson.build')
| -rw-r--r-- | swaylock/meson.build | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/swaylock/meson.build b/swaylock/meson.build index 6605340b..f3321a78 100644 --- a/swaylock/meson.build +++ b/swaylock/meson.build | |||
| @@ -26,6 +26,9 @@ else | |||
| 26 | warning('The swaylock binary must be setuid when compiled without libpam') | 26 | warning('The swaylock binary must be setuid when compiled without libpam') |
| 27 | warning('You must do this manually post-install: chmod a+s /path/to/swaylock') | 27 | warning('You must do this manually post-install: chmod a+s /path/to/swaylock') |
| 28 | sources += ['shadow.c'] | 28 | sources += ['shadow.c'] |
| 29 | if crypt.found() | ||
| 30 | dependencies += [crypt] | ||
| 31 | endif | ||
| 29 | endif | 32 | endif |
| 30 | 33 | ||
| 31 | executable('swaylock', | 34 | executable('swaylock', |