fscrypt.git, branch v0.2.4 Go tool for managing Linux filesystem encryption Merge pull request #105 from google/release 2018-08-23T18:10:06+00:00 Joseph Richey joerichey@google.com 2018-08-23T18:10:06+00:00 1e1b67dae6c3ae3b5acb5ce377b01b286c3e676b Release: v0.2.4 
Release: v0.2.4
 Release: v0.2.4 2018-08-23T18:09:01+00:00 Joe Richey joerichey@google.com joerichey@google.com 2018-08-23T18:07:49+00:00 a2ad53fd17e0dc43754982294c2a7e7d8a797a06 






Merge pull request #103 from google/pam
2018-08-23T18:05:39+00:00

Joseph Richey
joerichey@google.com

2018-08-23T18:05:39+00:00

6ba94e27031f2372073257222b6e551790b1b0c1

Cleanup privilege dropping/raising in pam_fscrypt




Cleanup privilege dropping/raising in pam_fscrypt






Improve debug and error output for pam_fscrypt
2018-08-23T18:00:34+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2018-08-22T12:28:21+00:00

11b09739cbcb25e6602267efe3d48eb063233f5a












Ensure keyring privilege changes are reversible
2018-08-23T18:00:34+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2018-08-22T12:23:00+00:00

315f9b042237200174a1fb99427f74027e191d66

This change makes sure that, when we set the ruid and euid in order to
get the user keyring linked into the current process keyring, we will
always be able to reverse these changes (using a suid of 0).

This fixes an issue where "su <user>" would result in a system error
when called by an unprivileged user. It also explains exactly how and
why we are making these privilege changes.





This change makes sure that, when we set the ruid and euid in order to
get the user keyring linked into the current process keyring, we will
always be able to reverse these changes (using a suid of 0).

This fixes an issue where "su <user>" would result in a system error
when called by an unprivileged user. It also explains exactly how and
why we are making these privilege changes.







Ensure setting user privileges is reversible
2018-08-23T18:00:34+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2018-08-22T12:17:32+00:00

3022c1603d968c22f147b4a2c49c4637dd1be91b

This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.

This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.





This change makes sure after dropping then elevating privileges for a
process, the euid, guid, and groups are all the same as they were
originally. This significantly simplifies the privilege logic.

This fixes CVE-2018-6558, which allowed an unprivleged user to gain
membership in the root group (gid 0) due to the groups not being
properly reset in the process.







Merge pull request #104 from google/travis
2018-08-23T17:59:35+00:00

Joseph Richey
joerichey@google.com

2018-08-23T17:59:35+00:00

d4d88e16b54eaa9ba2a8dcb07ba545b60f4d4208

Fix Travis to only use Go 1.10




Fix Travis to only use Go 1.10






Update docs to indicate v1.10 is required
2018-08-23T17:53:58+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2018-08-23T17:53:58+00:00

7fb7ad1dc46b9bfc9b80c41dc22658bffaa8351c












Fix Travis to only use Go 1.10
2018-08-23T17:50:17+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2018-08-23T17:50:17+00:00

c3599745ebabda35c43fbb569acf468f98489f5c












Merge pull request #102 from google/mips
2018-08-22T12:45:42+00:00

Joseph Richey
joerichey@google.com

2018-08-22T12:45:42+00:00

75a59da2c5724ca4faf148e50e3c772310287bf3

Use proper sizes when casting to Go slice




Use proper sizes when casting to Go slice