[gnome-keyring] pam: Destroy the password in pam_sm_open_session
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring] pam: Destroy the password in pam_sm_open_session
- Date: Thu, 27 Apr 2017 07:54:03 +0000 (UTC)
commit 9db67ef6e39ac51d426dee91da3b9305670241e6
Author: Nicolas Iooss <nicolas iooss m4x org>
Date: Tue Apr 18 23:10:58 2017 +0200
pam: Destroy the password in pam_sm_open_session
gnome-keyring PAM module saves the password of the user in a blob
associated with a PAM handle, using pam_set_data (ph,
"gkr_system_authtok"...) in stash_password_for_session. This data is
kept in the process memory once the PAM session is opened, which allows
root user to read it, for example using gcore.
This password leakage has recently been instrumented with tools such as
mimipenguin (https://github.com/huntergregal/mimipenguin and
https://github.com/n1nj4sec/mimipy).
Fix this leak by destroying the data blob which hold the password once
it has been used in pam_sm_open_session.
https://bugzilla.gnome.org/show_bug.cgi?id=781486
pam/gkr-pam-module.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/pam/gkr-pam-module.c b/pam/gkr-pam-module.c
index 349aded..fa814b2 100644
--- a/pam/gkr-pam-module.c
+++ b/pam/gkr-pam-module.c
@@ -894,6 +894,12 @@ pam_sm_open_session (pam_handle_t *ph, int flags, int argc, const char **argv)
ret = start_daemon (ph, pwd, true, password);
}
+ /* Destroy the stored authtok once it has been used */
+ if (password && pam_set_data (ph, "gkr_system_authtok", NULL, NULL) != PAM_SUCCESS) {
+ syslog (GKR_LOG_ERR, "gkr-pam: error destroying the password");
+ return PAM_SERVICE_ERR;
+ }
+
return PAM_SUCCESS;
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]