path: root/pam_fscrypt/run_fscrypt.go
Age | Commit message | Author
2022-02-23 | pam_fscrypt: ignore system users | Eric Biggers
pam_fscrypt should never need to do anything for system users, so detect them early so that we can avoid wasting any resources looking for their login protector.
2022-02-23 | pam_fscrypt: log errors getting protector in policiesUsingProtector() | Eric Biggers
If the error is anything other than ErrNotSetup, it might be helpful to know what is going on.
2022-02-23 | Strictly validate metadata file ownership by default | Eric Biggers
The metadata validation checks introduced by the previous commits are good, but to reduce the attack surface it would be much better to avoid reading and parsing files owned by other users in the first place. There are some possible use cases for users sharing fscrypt metadata files, but I think that for the vast majority of users it is unneeded and just opens up attack surface. Thus, make fscrypt (and pam_fscrypt) not process policies or protectors owned by other users by default. Specifically,

* If fscrypt or pam_fscrypt is running as a non-root user, only policies and protectors owned by the user or by root can be used.
* If fscrypt is running as root, any policy or protector can be used. (This is to match user expectations -- starting a sudo session should gain rights, not remove rights.)
* If pam_fscrypt is running as root, only policies and protectors owned by root can be used. Note that this only applies when the root user themselves has an fscrypt login protector, which is rare.

Add an option 'allow_cross_user_metadata' to /etc/fscrypt.conf which allows restoring the old behavior for anyone who really needs it.
2020-05-09 | cmd/fscrypt: add FSCRYPT_ROOT_MNT environmental variable | Eric Biggers
Allow overriding the mountpoint where login protectors are stored by setting the FSCRYPT_ROOT_MNT environmental variable. The CLI tests need this to avoid touching the real "/".
2019-09-08 | Fix various typos and grammatical errors (#141) | ebiggers
These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore().
2018-08-23 | Improve debug and error output for pam_fscrypt | Joe Richey <joerichey@google.com>
2018-02-11 | vet: eliminate unnecessary shadowing | Joseph Richey
Running "go vet -shadow ./..." finds all places where a variable might be incorrectly or unnecessarily shadowed. This fixes some of them.
2017-09-01 | pam_fscrypt: PAM module no longer crashes on panic | Joseph Richey
Now the offending panic will just be logged and the module will fail. This is important so as not to crash the login process.
2017-08-30 | pam_fscrypt: Added logging and use of new pam API | Joe Richey
2017-08-29 | pam_fscrypt: Handle empty arguments list | Joseph Richey
2017-08-23 | pam_fscrypt: Session accounting completed | Joe Richey <joerichey@google.com>