diff options
author | Drew DeVault <sir@cmpwn.com> | 2018-10-06 12:17:36 -0400 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2018-10-06 12:20:12 -0400 |
commit | c89e00a97e6bb04c6b4b5c906befdb4767540dbe (patch) | |
tree | a4ccf0cb0afafc0c8db6cbded85a3b156945b12b /swaylock/meson.build | |
parent | Update CONTRIBUTING.md (diff) | |
download | sway-c89e00a97e6bb04c6b4b5c906befdb4767540dbe.tar.gz sway-c89e00a97e6bb04c6b4b5c906befdb4767540dbe.tar.zst sway-c89e00a97e6bb04c6b4b5c906befdb4767540dbe.zip |
Fix swaylock w/shadow on glibc, improve security
Today I learned that GNU flaunts the POSIX standard in yet another
creative way. Additionally, this adds some security improvements,
namely:
- Zeroing out password buffers in the privileged child process
- setuid/setgid after reading /etc/shadow
Diffstat (limited to 'swaylock/meson.build')
-rw-r--r-- | swaylock/meson.build | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/swaylock/meson.build b/swaylock/meson.build index 6605340b..f3321a78 100644 --- a/swaylock/meson.build +++ b/swaylock/meson.build | |||
@@ -26,6 +26,9 @@ else | |||
26 | warning('The swaylock binary must be setuid when compiled without libpam') | 26 | warning('The swaylock binary must be setuid when compiled without libpam') |
27 | warning('You must do this manually post-install: chmod a+s /path/to/swaylock') | 27 | warning('You must do this manually post-install: chmod a+s /path/to/swaylock') |
28 | sources += ['shadow.c'] | 28 | sources += ['shadow.c'] |
29 | if crypt.found() | ||
30 | dependencies += [crypt] | ||
31 | endif | ||
29 | endif | 32 | endif |
30 | 33 | ||
31 | executable('swaylock', | 34 | executable('swaylock', |