summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2018-01-21 15:08:14 +0100
committerAndreas Sturmlechner <asturm@gentoo.org>2018-01-21 20:11:35 +0100
commited38416e955f9bfd07cc5f2663778d8373ee9877 (patch)
tree8c514818dc77ccd36d494cec872ded8e7037801c /kde-plasma/kwallet-pam/files/kwallet-pam-5.10.5-privileges.patch
parentmedia-video/vdr: fixed LINGUAS to L10N handling (diff)
downloadgentoo-ed38416e955f9bfd07cc5f2663778d8373ee9877.tar.gz
gentoo-ed38416e955f9bfd07cc5f2663778d8373ee9877.tar.bz2
gentoo-ed38416e955f9bfd07cc5f2663778d8373ee9877.zip
kde-plasma: Drop KDE Plasma 5.10.5
Package-Manager: Portage-2.3.20, Repoman-2.3.6
Diffstat (limited to 'kde-plasma/kwallet-pam/files/kwallet-pam-5.10.5-privileges.patch')
-rw-r--r--kde-plasma/kwallet-pam/files/kwallet-pam-5.10.5-privileges.patch49
1 files changed, 0 insertions, 49 deletions
diff --git a/kde-plasma/kwallet-pam/files/kwallet-pam-5.10.5-privileges.patch b/kde-plasma/kwallet-pam/files/kwallet-pam-5.10.5-privileges.patch
deleted file mode 100644
index 8b45b293bbf9..000000000000
--- a/kde-plasma/kwallet-pam/files/kwallet-pam-5.10.5-privileges.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 1a01e1eb870e1ab1d96a8641f1f3500af646c974 Mon Sep 17 00:00:00 2001
-From: Fabian Vogt <fabian@ritter-vogt.de>
-Date: Thu, 3 Aug 2017 09:27:10 +0200
-Subject: Avoid dropping privileges by initializing gcrypt secmem
-
-Summary:
-It's a documented side effect that initialization of secure memory in gcrypt
-drops privileges if getuid() != geteuid(). This results in breaking setuid
-callers, like sudo or su.
-
-Test Plan: Can use sudo again when pam_kwallet is involved.
-
-Reviewers: #plasma
-
-Subscribers: plasma-devel
-
-Tags: #plasma
-
-Differential Revision: https://phabricator.kde.org/D7124
----
- pam_kwallet.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/pam_kwallet.c b/pam_kwallet.c
-index 46720a5..20d9603 100644
---- a/pam_kwallet.c
-+++ b/pam_kwallet.c
-@@ -722,12 +722,18 @@ int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key)
-
- gcry_error_t error;
-
-+ /* We cannot call GCRYCTL_INIT_SECMEM as it drops privileges if getuid() != geteuid().
-+ * PAM modules are in many cases executed through setuid binaries, which this call
-+ * would break.
-+ * It was never effective anyway as neither key nor passphrase are in secure memory,
-+ * which is a prerequisite for secure operation...
- error = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);
- if (error != 0) {
- free(salt);
- syslog(LOG_ERR, "%s-kwalletd: Can't get secure memory: %d", logPrefix, error);
- return 1;
- }
-+ */
-
- gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
-
---
-cgit v0.11.2
-