Add support for pam-kwallet in kwalletd

Review Request #116555 - Created March 2, 2014 and submitted

Àlex Fiestas
kde-runtime, release-team
This patch adds support for pam-kwallet (in my scratch right now, to be released soon).

This is how the new pam works, and why this patch is needed:

In order to open the wallet in a secure way we have to try hard to not send the hash on an 
insecure manner. This is how we achieve that:

-pam_kwallet creates a pipe.
-pam_kwallet opens a local socket listening somewhere (/tmp/foo.socket for example).
-pam_kwallet forks+execv kwallet, passing via arguments the sockets (pipe and local socket).
-pam_kwallet sends the hash via the pipe.
-kwalletd gets the hash and waits for the environment.
-startkde uses "socat" to send the environment to kwalletd.
-kwalletd setups the environment before any Qt code is executed.
-kwalletd resumes execution.

With this way of executing kwallet we get:
-pam_kwallet knows to who it is sending the hash (its on child).
-hash is never revealed on shared memory (dbus), since pipes are private to the apps.
-ptrace is usually disabled so only root can see the hash on the app memory
-no Qt code is executed without the proper environment (same as startkde)
-if kwalletd is executed normally (not from pam_kwallet) then it is business as usual.

The patch also comes with integration tests that simulate how kwalletd is executed in the pam module.

For the release team, I would love to add this to 4.13, after all it is innocuous if kwalletd is not executed via pam_module.



  • 1
  • 0
  • 0
  • 1
Description From Last Updated
Make this function static like the other ones? Albert Astals Cid Albert Astals Cid
Albert Astals Cid
Valentin Rusu
Albert Astals Cid
Àlex Fiestas
Albert Astals Cid
Hrvoje Senjan
Commit Hook
Àlex Fiestas
Review request changed

Status: Closed (submitted)